Evon Executor malware + findit-pro redirect + Discord, Facebook and X hack - Virus, Trojan, Spyware, and Malware Removal Help (2024)

Here's the Adwcleaner log:

# -------------------------------

# Malwarebytes AdwCleaner 8.4.2.0

# -------------------------------

# Build: 03-04-2024

# Database: 2024-03-04.1 (Cloud)

#

# -------------------------------

# Mode: Clean

# -------------------------------

# Start: 06-14-2024

# Duration: 00:00:01

# OS: Windows 11 (Build 22621.3593)

# Cleaned: 5

# Failed: 0

***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

Deleted C:\Users\Public\Desktop\Google Chrome.lnk

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{7D2B3E1D-D096-4594-9D8F-A6667F12E0AC}

Deleted HKLM\SOFTWARE\Microsoft\MediaPlayer\ShimInclusionList\browser.exe

Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\browser.exe

Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\App Paths\browser.exe

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.

*************************

[+] Delete Tracing Keys

[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1872 octets] - [14/06/2024 07:05:28]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Here's Fixlog.txt:

Fix result of Farbar Recovery Scan Tool (x64) Version: 11.06.2024

Ran by DELL (14-06-2024 07:09:38) Run:1

Running from C:\Users\DELL\Desktop

Loaded Profiles: DELL

Boot Mode: Normal

==============================================

fixlist content:

*****************

Start::

CreateRestorePoint:

CloseProcesses:

cmd: netsh int ip reset C:\resettcpip.txt

cmd: netsh advfirewall reset

EmptyTemp:

Unlock: C:\Windows\UV_LastPW.ini

AVG Update Helper (HKLM-x32\...\{EDB7AEE7-E932-4836-AE50-D3B0B7766CB5}) (Version: 1.8.1693.6 - AVG Technologies) Hidden

2024-06-10 07:22 - 2024-06-10 09:40 - 000000000 ____D C:\Users\DELL\1000015002

2024-06-09 14:22 - 2024-06-09 14:22 - 000000008 ____H () C:\ProgramData\tit_66.dat

2024-06-09 14:22 - 2024-06-09 14:22 - 000000128 ____H () C:\ProgramData\tres-a.dat

2024-06-09 14:22 - 2024-06-09 14:22 - 000000128 ____H () C:\ProgramData\tres-b.dat

cmd: type C:\Users\DELL\Downloads\tinytask.ini

Task: C:\Windows\Tasks\axplong.job => C:\Users\DELL\AppData\Local\Temp\8254624243\axplong.exe <==== ATTENTION

Task: C:\Windows\Tasks\Dctooux.job => C:\Users\DELL\AppData\Local\Temp\b739b37d80\Dctooux.exe <==== ATTENTION

Task: C:\Windows\Tasks\explortu.job => C:\Users\DELL\AppData\Local\Temp\9217037dc9\explortu.exe <==== ATTENTION

Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)

Task: {86DE970D-0721-41E2-81E1-8C949FE44FA0} - System32\Tasks\Activation-Renewal => C:\ProgramData\Activation-Renewal\Activation_task.cmd [15319 2024-02-24] () [File not signed] -> Task <==== ATTENTION

C:\ProgramData\Activation-Renewal

StartupDir: C:\Users\DELL\AppData\Local\Temp\1000021001\ <==== ATTENTION

HKLM\SOFTWARE\Policies\Microsoft\MRT: Restriction <==== ATTENTION

S3 BITS_bkp; C:\Windows\System32\qmgr.dll [1388544 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

U2 dosvc_bkp; C:\Windows\system32\dosvc.dll [90112 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S2 UsoSvc_bkp; C:\Windows\system32\usosvc.dll [77824 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 WaaSMedicSvc_bkp; C:\Windows\System32\WaaSMedicSvc.dll [90112 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 wuauserv_bkp; C:\Windows\system32\wuaueng.dll [138112 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

2024-06-10 07:22 - 2024-06-10 09:36 - 000000278 _____ C:\Windows\Tasks\axplong.job

2024-05-25 17:14 - 2024-04-29 13:12 - 000000570 _____ C:\Users\DELL\AppData\LocalLow\6c5f59841cd760e5c8b31e38c77d601a3e17d53e4cac46ebb9247b97e83d576c

2024-05-25 17:13 - 2024-04-29 13:12 - 000129751 _____ C:\Users\DELL\AppData\LocalLow\90105c431cf16f37f3c938b0f52bdbd245a7906c1fca67750340ebb0ae30e8e4

2024-06-01 17:26 - 2024-02-24 19:22 - 000001368 _____ C:\Users\DELL\Desktop\Roblox Studio.lnk

2024-06-06 11:00 - 2024-02-24 19:22 - 000001368 _____ C:\Users\DELL\Desktop\Roblox Player.lnk

2024-06-06 11:00 - 2024-02-24 19:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roblox

2024-06-10 18:12 - 2024-05-02 16:23 - 000000130 _____ C:\Users\DELL\AppData\LocalLow\d184b3a61bf4be513cbb771b07df842ddf56f91b67d9cbe187f53880ca9b5c5d

2024-06-10 17:52 - 2024-05-02 16:23 - 000032382 _____ C:\Users\DELL\AppData\LocalLow\7c20ed46f96c41e8f4707573a4b5f44f7b40b89f3834b85911e9c253e71a658b

2024-06-10 20:36 - 2024-04-29 13:19 - 000035644 _____ C:\Users\DELL\AppData\LocalLow\abdfbee3f482f410934d1e17c2f7f6fa1d3b379b2a07284ffda6ea337445c922

2024-06-10 20:18 - 2024-04-29 13:12 - 000121881 _____ C:\Users\DELL\AppData\LocalLow\6d1a0d74b8983cab26a68cd0cdace1fb63918ce4f5f6aeaeeefb13009d6d5154

2024-06-10 20:00 - 2024-04-29 16:09 - 000023525 _____ C:\Users\DELL\AppData\LocalLow\b15d3a108baf677bad705d2193ceb1d29295e9ae5672296ad2f6ec14fa4d226f

2024-06-10 20:00 - 2024-04-29 16:09 - 000000130 _____ C:\Users\DELL\AppData\LocalLow\9efc7b77bc60a484afa1dbca8105b35ad2d2bcddf61075a21cfb283050ad9d1e

2024-05-16 18:13 - 2024-05-16 18:13 - 000002264 _____ C:\Users\DELL\AppData\LocalLow\8d5ed0a1f16e2933d1fae4f035980cafee65a1b095f818326db75bdb351daf1e

2024-05-14 15:51 - 2024-05-14 15:57 - 007885466 _____ C:\Users\DELL\Downloads\robloxapp-20240514-1549584.mp4

2024-05-14 15:46 - 2024-05-14 15:46 - 005514916 _____ C:\Users\DELL\Downloads\robloxapp-20240514-1543539.mp4

2024-05-14 15:46 - 2024-05-14 15:46 - 002600525 _____ C:\Users\DELL\Downloads\robloxapp-20240514-1545020.mp4

2024-05-14 10:14 - 2024-05-14 10:14 - 000000000 _____ C:\3E2B.tmp

2024-05-18 16:28 - 2024-06-01 09:56 - 000000130 _____ C:\Users\DELL\AppData\LocalLow\491dfa6c5089e8600099e6d1172d3a6bce2aaa0bc0a8fb3c146b3df0d94a5618

2024-05-18 16:28 - 2024-06-01 09:22 - 000046739 _____ C:\Users\DELL\AppData\LocalLow\14cec8a688e7e25ec65d0024a12c37be778db19ee974553c79f1bfd71cb3ee51

2024-05-18 16:04 - 2024-06-01 17:27 - 000000255 _____ C:\Users\DELL\AppData\LocalLow\rbxcsettings.rbx

2024-05-18 16:04 - 2024-05-18 16:04 - 000000000 ____D C:\ProgramData\Roblox

2024-05-26 15:47 - 2024-05-26 15:47 - 005634409 _____ C:\Users\DELL\Downloads\robloxapp-20240526-1545380.mp4

2024-05-25 21:21 - 2024-05-25 21:21 - 000002264 _____ C:\Users\DELL\AppData\LocalLow\1601b4780ec90bb3e96b81accc7fc7435bcaa686ef0d15203be2de0db716fbe3

2024-05-25 20:24 - 2024-05-25 20:24 - 000002264 _____ C:\Users\DELL\AppData\LocalLow\d2bb5501f9a1e82f495b624129ed5f2bbfc05e5cc270a51009eecb57c7c90c7b

2024-05-25 20:22 - 2024-06-10 19:00 - 000000634 _____ C:\Users\DELL\AppData\LocalLow\910c417c7f159199dc0b826dfb0b33c2f0152266127faa5758e27a17dc6d9318

2024-05-25 20:22 - 2024-06-10 18:58 - 000150786 _____ C:\Users\DELL\AppData\LocalLow\09c012558a04e45f3dcd9e5c5790ecc00132d0a2a6c00a2fd74449796ee1d9d7

2024-06-06 12:24 - 2024-06-06 12:24 - 000109192 _____ C:\Users\DELL\AppData\LocalLow\34f6b2483462849a0a6b86842dbaed8595c9b1ea24a510ce6cabb8d612885e8b

2024-06-06 12:24 - 2024-06-06 12:24 - 000000130 _____ C:\Users\DELL\AppData\LocalLow\4fca0a34b497acffbb870a4cea576f3ac71f00928c3146fe3d0d2dac45c9d5fb

2024-06-05 12:11 - 2024-06-05 12:11 - 000256533 _____ C:\Users\DELL\Downloads\rbxfpsunlocker-x64.zip

2024-06-05 12:11 - 2024-06-05 12:11 - 000000000 ____D C:\Users\DELL\Downloads\rbxfpsunlocker-x64

2024-06-09 14:21 - 2024-06-09 14:21 - 000000000 ____D C:\ProgramData\MPGPH131

2024-06-09 14:34 - 2024-06-10 09:36 - 000000280 _____ C:\Windows\Tasks\explortu.job

2024-06-09 14:34 - 2024-06-09 14:34 - 000000000 ____D C:\ProgramData\MSIUpdaterV131_0e77e820e5c00ed5b0585a4d674a2e51

2024-06-09 14:33 - 2024-06-09 14:33 - 000000000 ____D C:\ProgramData\MSIUpdaterV131_f09ac2d587354c6431bf93812ba7548f

2024-06-09 14:33 - 2024-06-09 14:33 - 000000000 ____D C:\ProgramData\MSIUpdaterV131_30f85fd004d4df68ea1f8d35c18db496

2024-06-09 14:23 - 2024-06-09 14:23 - 000000000 ____D C:\ProgramData\oBeyQrPqBvPiiLVB

2024-06-09 14:23 - 2024-06-09 14:23 - 000000000 ____D C:\Program Files (x86)\xSxYkcSdbazbYzGpZTR

2024-06-09 14:23 - 2024-06-09 14:23 - 000000000 ____D C:\Program Files (x86)\vEcQBTYFTXUn

2024-06-09 14:23 - 2024-06-09 14:23 - 000000000 ____D C:\Program Files (x86)\RFIumDCEBXXU2

2024-06-09 14:23 - 2024-06-09 14:23 - 000000000 ____D C:\Program Files (x86)\AClHKqYMJaBBC

2024-06-09 14:22 - 2024-06-09 14:23 - 000000000 ____D C:\Program Files (x86)\ijLlchIpU

2024-06-09 14:22 - 2024-06-09 14:22 - 000000128 ____H C:\ProgramData\tres-b.dat

2024-06-09 14:22 - 2024-06-09 14:22 - 000000128 ____H C:\ProgramData\tres-a.dat

2024-06-09 14:22 - 2024-06-09 14:22 - 000000008 ____H C:\ProgramData\tit_66.dat

2024-06-09 14:21 - 2024-06-09 14:23 - 000000000 ____D C:\ProgramData\DHCGIDHDAKJE

2024-06-09 14:34 - 2024-06-10 09:36 - 000000280 _____ C:\Windows\Tasks\explortu.job

2024-06-09 14:34 - 2024-06-09 14:34 - 000000000 ____D C:\ProgramData\MSIUpdaterV131_0e77e820e5c00ed5b0585a4d674a2e51

2024-06-09 14:33 - 2024-06-09 14:33 - 000000000 ____D C:\ProgramData\MSIUpdaterV131_f09ac2d587354c6431bf93812ba7548f

2024-06-09 14:33 - 2024-06-09 14:33 - 000000000 ____D C:\ProgramData\MSIUpdaterV131_30f85fd004d4df68ea1f8d35c18db496

2024-06-09 14:23 - 2024-06-09 14:23 - 000000000 ____D C:\ProgramData\oBeyQrPqBvPiiLVB

2024-06-09 14:23 - 2024-06-09 14:23 - 000000000 ____D C:\Program Files (x86)\xSxYkcSdbazbYzGpZTR

2024-06-09 14:23 - 2024-06-09 14:23 - 000000000 ____D C:\Program Files (x86)\vEcQBTYFTXUn

2024-06-09 14:23 - 2024-06-09 14:23 - 000000000 ____D C:\Program Files (x86)\RFIumDCEBXXU2

2024-06-09 14:23 - 2024-06-09 14:23 - 000000000 ____D C:\Program Files (x86)\AClHKqYMJaBBC

2024-06-09 14:22 - 2024-06-09 14:23 - 000000000 ____D C:\Program Files (x86)\ijLlchIpU

2024-06-09 14:21 - 2024-06-09 14:23 - 000000000 ____D C:\ProgramData\DHCGIDHDAKJE

2024-06-10 07:23 - 2024-06-10 07:23 - 000000000 ___HD C:\Users\DELL\AppData\Roaming\configurationValue

2024-06-10 07:23 - 2024-06-10 07:23 - 000000000 ____D C:\Users\DELL\AppData\Local\MonsterUpdateService

2024-06-10 07:23 - 2019-11-21 04:54 - 044246016 _____ (Microsoft Corporation) C:\Windows\system32\winsvc.exe

2024-06-10 08:54 - 2024-06-10 08:55 - 186955328 _____ C:\Users\DELL\Downloads\Roblox.Arceus.X.NEO.1.3.2.bypass.apk

2024-06-10 07:36 - 2020-04-01 02:02 - 000002893 _____ C:\Windows\system32\cache.dat

2024-06-10 07:24 - 2024-06-10 07:24 - 000000000 ____D C:\ProgramData\wikombernizc

2024-06-10 07:24 - 2020-03-15 21:08 - 036144128 _____ (Microsoft Corporation) C:\Windows\system32\wincfg.exe

2024-06-10 07:24 - 2020-03-13 13:52 - 009556480 _____ (Microsoft Corporation) C:\Windows\system32\winnet.exe

2024-06-10 07:23 - 2024-06-10 09:36 - 000000278 _____ C:\Windows\Tasks\Dctooux.job

2024-06-10 07:23 - 2024-06-10 09:14 - 038851072 _____ (Microsoft Corporation) C:\Windows\system32\SetupWizard.exe

2024-06-10 12:43 - 2019-11-21 05:59 - 037807616 _____ (Microsoft Corporation) C:\Windows\system32\windefscan.exe

2024-06-10 12:23 - 2019-11-21 11:09 - 041655808 _____ (Microsoft Corporation) C:\Windows\system32\windeffw.exe

R2 winsvc; C:\Windows\system32\winsvc.exe [44246016 2019-11-21] (Microsoft Corporation) [File not signed] <==== ATTENTION

End::

*****************

Restore point was successfully created.

Processes closed successfully.

========= netsh int ip reset C:\resettcpip.txt =========

Resetting Compartment Forwarding, OK!

Resetting Compartment, OK!

Resetting Control Protocol, OK!

Resetting Echo Sequence Request, OK!

Resetting Global, OK!

Resetting Interface, OK!

Resetting Anycast Address, OK!

Resetting Multicast Address, OK!

Resetting Unicast Address, OK!

Resetting Neighbor, OK!

Resetting Path, OK!

Resetting Potential, OK!

Resetting Prefix Policy, OK!

Resetting Proxy Neighbor, OK!

Resetting Route, OK!

Resetting Site Prefix, OK!

Resetting Subinterface, OK!

Resetting Wakeup Pattern, OK!

Resetting Resolve Neighbor, OK!

Resetting , OK!

Resetting , OK!

Resetting , OK!

Resetting , OK!

Resetting , failed.

Access is denied.

Resetting , OK!

Resetting , OK!

Resetting , OK!

Resetting , OK!

Resetting , OK!

Resetting , OK!

Resetting , OK!

Resetting , OK!

Restart the computer to complete this action.

========= End of CMD: =========

========= netsh advfirewall reset =========

Ok.

========= End of CMD: =========

"C:\Windows\UV_LastPW.ini" => was unlocked

"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EDB7AEE7-E932-4836-AE50-D3B0B7766CB5}\\SystemComponent" => removed successfully

"C:\Users\DELL\1000015002" Folder move:

C:\Users\DELL\1000015002 => moved successfully

C:\ProgramData\tit_66.dat => moved successfully

C:\ProgramData\tres-a.dat => moved successfully

C:\ProgramData\tres-b.dat => moved successfully

========= type C:\Users\DELL\Downloads\tinytask.ini =========

[TinyTask]

window_x=634

window_y=391

speed=8

speed_custom=8

record_key=8

play_key=0

topmost=0

hide_captions=0

toolbar_padding=5

========= End of CMD: =========

C:\Windows\Tasks\axplong.job => moved successfully

C:\Windows\Tasks\Dctooux.job => moved successfully

C:\Windows\Tasks\explortu.job => moved successfully

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E0F10DCF-44AD-40E8-9370-FB5DA59F93FB}" => removed successfully

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0F10DCF-44AD-40E8-9370-FB5DA59F93FB}" => removed successfully

C:\Windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => moved successfully

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker" => removed successfully

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{86DE970D-0721-41E2-81E1-8C949FE44FA0}" => removed successfully

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{86DE970D-0721-41E2-81E1-8C949FE44FA0}" => removed successfully

C:\Windows\System32\Tasks\Activation-Renewal => moved successfully

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Activation-Renewal" => removed successfully

"C:\ProgramData\Activation-Renewal" Folder move:

C:\ProgramData\Activation-Renewal => moved successfully

StartupDir: C:\Users\DELL\AppData\Local\Temp\1000021001\ <==== ATTENTION => restored successfully

HKLM\SOFTWARE\Policies\Microsoft\MRT => removed successfully

"HKLM\System\CurrentControlSet\Services\BITS_bkp" => removed successfully

BITS_bkp => service removed successfully

HKLM\System\CurrentControlSet\Services\dosvc_bkp => removed successfully

dosvc_bkp => service removed successfully

HKLM\System\CurrentControlSet\Services\UsoSvc_bkp => removed successfully

UsoSvc_bkp => service removed successfully

HKLM\System\CurrentControlSet\Services\WaaSMedicSvc_bkp => removed successfully

WaaSMedicSvc_bkp => service removed successfully

HKLM\System\CurrentControlSet\Services\wuauserv_bkp => removed successfully

wuauserv_bkp => service removed successfully

"C:\Windows\Tasks\axplong.job" => not found

C:\Users\DELL\AppData\LocalLow\6c5f59841cd760e5c8b31e38c77d601a3e17d53e4cac46ebb9247b97e83d576c => moved successfully

C:\Users\DELL\AppData\LocalLow\90105c431cf16f37f3c938b0f52bdbd245a7906c1fca67750340ebb0ae30e8e4 => moved successfully

"C:\Users\DELL\Desktop\Roblox Studio.lnk" => not found

"C:\Users\DELL\Desktop\Roblox Player.lnk" => not found

"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roblox" Folder move:

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roblox => moved successfully

C:\Users\DELL\AppData\LocalLow\d184b3a61bf4be513cbb771b07df842ddf56f91b67d9cbe187f53880ca9b5c5d => moved successfully

C:\Users\DELL\AppData\LocalLow\7c20ed46f96c41e8f4707573a4b5f44f7b40b89f3834b85911e9c253e71a658b => moved successfully

C:\Users\DELL\AppData\LocalLow\abdfbee3f482f410934d1e17c2f7f6fa1d3b379b2a07284ffda6ea337445c922 => moved successfully

Could not move "C:\Users\DELL\AppData\LocalLow\6d1a0d74b8983cab26a68cd0cdace1fb63918ce4f5f6aeaeeefb13009d6d5154" => Scheduled to move on reboot.

C:\Users\DELL\AppData\LocalLow\b15d3a108baf677bad705d2193ceb1d29295e9ae5672296ad2f6ec14fa4d226f => moved successfully

C:\Users\DELL\AppData\LocalLow\9efc7b77bc60a484afa1dbca8105b35ad2d2bcddf61075a21cfb283050ad9d1e => moved successfully

C:\Users\DELL\AppData\LocalLow\8d5ed0a1f16e2933d1fae4f035980cafee65a1b095f818326db75bdb351daf1e => moved successfully

C:\Users\DELL\Downloads\robloxapp-20240514-1549584.mp4 => moved successfully

C:\Users\DELL\Downloads\robloxapp-20240514-1543539.mp4 => moved successfully

C:\Users\DELL\Downloads\robloxapp-20240514-1545020.mp4 => moved successfully

C:\3E2B.tmp => moved successfully

C:\Users\DELL\AppData\LocalLow\491dfa6c5089e8600099e6d1172d3a6bce2aaa0bc0a8fb3c146b3df0d94a5618 => moved successfully

C:\Users\DELL\AppData\LocalLow\14cec8a688e7e25ec65d0024a12c37be778db19ee974553c79f1bfd71cb3ee51 => moved successfully

C:\Users\DELL\AppData\LocalLow\rbxcsettings.rbx => moved successfully

"C:\ProgramData\Roblox" Folder move:

C:\ProgramData\Roblox => moved successfully

C:\Users\DELL\Downloads\robloxapp-20240526-1545380.mp4 => moved successfully

C:\Users\DELL\AppData\LocalLow\1601b4780ec90bb3e96b81accc7fc7435bcaa686ef0d15203be2de0db716fbe3 => moved successfully

C:\Users\DELL\AppData\LocalLow\d2bb5501f9a1e82f495b624129ed5f2bbfc05e5cc270a51009eecb57c7c90c7b => moved successfully

C:\Users\DELL\AppData\LocalLow\910c417c7f159199dc0b826dfb0b33c2f0152266127faa5758e27a17dc6d9318 => moved successfully

C:\Users\DELL\AppData\LocalLow\09c012558a04e45f3dcd9e5c5790ecc00132d0a2a6c00a2fd74449796ee1d9d7 => moved successfully

C:\Users\DELL\AppData\LocalLow\34f6b2483462849a0a6b86842dbaed8595c9b1ea24a510ce6cabb8d612885e8b => moved successfully

C:\Users\DELL\AppData\LocalLow\4fca0a34b497acffbb870a4cea576f3ac71f00928c3146fe3d0d2dac45c9d5fb => moved successfully

C:\Users\DELL\Downloads\rbxfpsunlocker-x64.zip => moved successfully

"C:\Users\DELL\Downloads\rbxfpsunlocker-x64" Folder move:

C:\Users\DELL\Downloads\rbxfpsunlocker-x64 => moved successfully

"C:\ProgramData\MPGPH131" Folder move:

C:\ProgramData\MPGPH131 => moved successfully

"C:\Windows\Tasks\explortu.job" => not found

"C:\ProgramData\MSIUpdaterV131_0e77e820e5c00ed5b0585a4d674a2e51" Folder move:

C:\ProgramData\MSIUpdaterV131_0e77e820e5c00ed5b0585a4d674a2e51 => moved successfully

"C:\ProgramData\MSIUpdaterV131_f09ac2d587354c6431bf93812ba7548f" Folder move:

C:\ProgramData\MSIUpdaterV131_f09ac2d587354c6431bf93812ba7548f => moved successfully

"C:\ProgramData\MSIUpdaterV131_30f85fd004d4df68ea1f8d35c18db496" Folder move:

C:\ProgramData\MSIUpdaterV131_30f85fd004d4df68ea1f8d35c18db496 => moved successfully

"C:\ProgramData\oBeyQrPqBvPiiLVB" Folder move:

C:\ProgramData\oBeyQrPqBvPiiLVB => moved successfully

"C:\Program Files (x86)\xSxYkcSdbazbYzGpZTR" Folder move:

C:\Program Files (x86)\xSxYkcSdbazbYzGpZTR => moved successfully

"C:\Program Files (x86)\vEcQBTYFTXUn" Folder move:

C:\Program Files (x86)\vEcQBTYFTXUn => moved successfully

"C:\Program Files (x86)\RFIumDCEBXXU2" Folder move:

C:\Program Files (x86)\RFIumDCEBXXU2 => moved successfully

"C:\Program Files (x86)\AClHKqYMJaBBC" Folder move:

C:\Program Files (x86)\AClHKqYMJaBBC => moved successfully

"C:\Program Files (x86)\ijLlchIpU" Folder move:

C:\Program Files (x86)\ijLlchIpU => moved successfully

"C:\ProgramData\tres-b.dat" => not found

"C:\ProgramData\tres-a.dat" => not found

"C:\ProgramData\tit_66.dat" => not found

"C:\ProgramData\DHCGIDHDAKJE" Folder move:

C:\ProgramData\DHCGIDHDAKJE => moved successfully

"C:\Windows\Tasks\explortu.job" => not found

"C:\ProgramData\MSIUpdaterV131_0e77e820e5c00ed5b0585a4d674a2e51" => not found

"C:\ProgramData\MSIUpdaterV131_f09ac2d587354c6431bf93812ba7548f" => not found

"C:\ProgramData\MSIUpdaterV131_30f85fd004d4df68ea1f8d35c18db496" => not found

"C:\ProgramData\oBeyQrPqBvPiiLVB" => not found

"C:\Program Files (x86)\xSxYkcSdbazbYzGpZTR" => not found

"C:\Program Files (x86)\vEcQBTYFTXUn" => not found

"C:\Program Files (x86)\RFIumDCEBXXU2" => not found

"C:\Program Files (x86)\AClHKqYMJaBBC" => not found

"C:\Program Files (x86)\ijLlchIpU" => not found

"C:\ProgramData\DHCGIDHDAKJE" => not found

"C:\Users\DELL\AppData\Roaming\configurationValue" Folder move:

C:\Users\DELL\AppData\Roaming\configurationValue => moved successfully

"C:\Users\DELL\AppData\Local\MonsterUpdateService" Folder move:

C:\Users\DELL\AppData\Local\MonsterUpdateService => moved successfully

C:\Windows\system32\winsvc.exe => moved successfully

C:\Users\DELL\Downloads\Roblox.Arceus.X.NEO.1.3.2.bypass.apk => moved successfully

C:\Windows\system32\cache.dat => moved successfully

"C:\ProgramData\wikombernizc" Folder move:

C:\ProgramData\wikombernizc => moved successfully

C:\Windows\system32\wincfg.exe => moved successfully

C:\Windows\system32\winnet.exe => moved successfully

"C:\Windows\Tasks\Dctooux.job" => not found

C:\Windows\system32\SetupWizard.exe => moved successfully

C:\Windows\system32\windefscan.exe => moved successfully

C:\Windows\system32\windeffw.exe => moved successfully

HKLM\System\CurrentControlSet\Services\winsvc => removed successfully

winsvc => service removed successfully

=========== EmptyTemp: ==========

FlushDNS => completed

BITS transfer queue => 1572864 B

DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 17000021 B

Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 287860994 B

Windows/system/drivers => 33074615 B

Edge => 0 B

Chrome => 69835335 B

Firefox => 0 B

Opera => 0 B

Temp, IE cache, history, cookies, recent:

Default => 57995 B

ProgramData => 57995 B

Public => 57995 B

systemprofile => 57995 B

systemprofile32 => 58005 B

LocalService => 743513 B

NetworkService => 847623 B

DELL => 3006305229 B

RecycleBin => 45903368 B

EmptyTemp: => 3.2 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 14-06-2024 07:12:19)

C:\Users\DELL\AppData\LocalLow\6d1a0d74b8983cab26a68cd0cdace1fb63918ce4f5f6aeaeeefb13009d6d5154 => Is moved successfully

==== End of Fixlog 07:12:19 ====

Here's FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11.06.2024

Ran by DELL (administrator) on K3NANZ (Dell Inc. Latitude 3520) (14-06-2024 07:13:44)

Running from C:\Users\DELL\Desktop\FRST64.exe

Loaded Profiles: DELL

Platform: Microsoft Windows 11 Pro Version 22H2 22621.3593 (X64) Language: English (United States)

Default browser: Opera

Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.3\avp.exe ->) (Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.3\avpui.exe

(C:\Program Files\WindowsApps\12030rocksdanister.LivelyWallpaper_1.0.144.0_x64__97hta09mmv6hy\Build\Lively.exe ->) (D80CB9E2-21E6-4D9B-8533-660C768F3C5B -> ) C:\Program Files\WindowsApps\12030rocksdanister.LivelyWallpaper_1.0.144.0_x64__97hta09mmv6hy\Build\Plugins\Watchdog\Lively.Watchdog.exe

(C:\Program Files\WindowsApps\12030rocksdanister.LivelyWallpaper_1.0.144.0_x64__97hta09mmv6hy\Build\Lively.exe ->) (D80CB9E2-21E6-4D9B-8533-660C768F3C5B -> rocksdanister) C:\Program Files\WindowsApps\12030rocksdanister.LivelyWallpaper_1.0.144.0_x64__97hta09mmv6hy\Build\Plugins\Cef\Lively.PlayerCefSharp.exe

(C:\Program Files\WindowsApps\12030rocksdanister.LivelyWallpaper_1.0.144.0_x64__97hta09mmv6hy\Build\Plugins\Cef\Lively.PlayerCefSharp.exe ->) (D80CB9E2-21E6-4D9B-8533-660C768F3C5B -> The CefSharp Authors) C:\Program Files\WindowsApps\12030rocksdanister.LivelyWallpaper_1.0.144.0_x64__97hta09mmv6hy\Build\Plugins\Cef\CefSharp.BrowserSubprocess.exe <5>

(C:\Program Files\WindowsApps\MicrosoftTeams_24137.2402.2884.4157_x64__8wekyb3d8bbwe\msteams.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe <6>

(C:\Users\DELL\AppData\Local\Programs\Opera GX\opera.exe ->) (Opera Norway AS -> Opera Software) C:\Users\DELL\AppData\Local\Programs\Opera GX\109.0.5097.130\opera_crashreporter.exe

(C:\Users\DELL\AppData\Local\Programs\Zalo\Zalo-24.6.2\Zalo.exe ->) (VNG CORPORATION -> ) C:\Users\DELL\AppData\Local\Programs\Zalo\Zalo-24.6.2\plugins\capture\ZaloCall.exe

(C:\Users\DELL\AppData\Local\Programs\Zalo\Zalo-24.6.2\Zalo.exe ->) (VNG CORPORATION -> ) C:\Users\DELL\AppData\Local\Programs\Zalo\Zalo-24.6.2\plugins\capture\ZaloCap.exe

(C:\Users\DELL\AppData\Local\Programs\Zalo\Zalo-24.6.2\Zalo.exe ->) (VNG CORPORATION -> ) C:\Users\DELL\AppData\Local\Programs\Zalo\Zalo-24.6.2\plugins\capture\ZaviMeet.exe

(Discord Inc. -> Discord Inc.) C:\Users\DELL\AppData\Local\Discord\app-1.0.9149\Discord.exe <6>

(DriverStore\FileRepository\cui_dch.inf_amd64_19704598c1c9840a\igfxCUIServiceN.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_19704598c1c9840a\igfxEMN.exe

(DriverStore\FileRepository\dptf_cpu.inf_amd64_fa6b3fb2c05394c2\esif_uf.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_fa6b3fb2c05394c2\dptf_helper.exe

(explorer.exe ->) (BLIFE TEAM, TOV -> Blife) C:\Users\DELL\AppData\Local\Blife\CustomCursor\CustomCursor.exe

(explorer.exe ->) (Cloudflare, Inc. -> Cloudflare) C:\Program Files\Cloudflare\Cloudflare WARP\Cloudflare WARP.exe

(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <9>

(explorer.exe ->) (Opera Software AS -> Opera Software) C:\Users\DELL\AppData\Local\Programs\Opera GX\assistant\browser_assistant.exe <2>

(explorer.exe ->) (Privado Networks AG -> Privado Networks AG) C:\Program Files (x86)\PrivadoVPN\PrivadoVPN.exe

(explorer.exe ->) (Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo10de.inf_amd64_f7373b847419c8d1\WavesSvc64.exe

(Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.WindowsNotepad_11.2404.10.0_x64__8wekyb3d8bbwe\Notepad\Notepad.exe <2>

(Opera Norway AS -> Opera Software) C:\Users\DELL\AppData\Local\Programs\Opera GX\opera.exe <27>

(services.exe ->) (Cloudflare, Inc. -> ) C:\Program Files\Cloudflare\Cloudflare WARP\warp-svc.exe

(services.exe ->) (DUC FABULOUS CO.,LTD -> ) C:\Program Files (x86)\UltraViewer\UltraViewer_Service.exe

(services.exe ->) (FabulaTech, LLP -> ) C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnlsv.exe

(services.exe ->) (FabulaTech, LLP -> ) C:\Program Files\Common Files\VMware\ScannerRedirection\ftscanmgrhv.exe

(services.exe ->) (FabulaTech, LLP -> VMware) C:\Program Files\Common Files\VMware\SerialPortRedirection\Client\vmwsprrdpwks.exe

(services.exe ->) (FOXIT SOFTWARE INC. -> Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReaderUpdateService.exe

(services.exe ->) (Intel Corporation -> ) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_3de31b09a0024837\OneApp.IGCC.WinService.exe

(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_19704598c1c9840a\igfxCUIServiceN.exe

(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_af50fdb80983f7bc\jhi_service.exe

(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_fa6b3fb2c05394c2\esif_uf.exe

(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_1462ab0d367b063b\IntelCpHDCPSvc.exe

(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_ab7d4ea1d12c01d4\WMIRegistrationService.exe

(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\TbtP2pShortcutService.exe

(services.exe ->) (Intel Corporation -> Intel® Corporation) C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_9783a0a827c7c2a2\lib\TPMProvisioningService.exe

(services.exe ->) (Intel Corporation -> Intel) C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_29fd1afabcf5470c\AS\IAS\IntelAudioService.exe

(services.exe ->) (Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.3\avp.exe

(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe

(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>

(services.exe ->) (Privado Networks AG -> Privado Networks AG) C:\Program Files (x86)\PrivadoVPN\PrivadoVPN.Service.exe

(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_04ff63d068f8c626\RtkAudUService64.exe <3>

(services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe

(services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Program Files\VMware\Endpoint Telemetry Service\vmwetlm.exe

(services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Program Files\VMware\VMware Horizon View Client\ClientService\horizon_client_service.exe

(services.exe ->) (Waves Inc -> Waves Audio Ltd) C:\Windows\System32\DriverStore\FileRepository\wavesapo10de.inf_amd64_f7373b847419c8d1\WavesAudioService.exe

(services.exe ->) (Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo10de.inf_amd64_f7373b847419c8d1\WavesSysSvc64.exe

(sihost.exe ->) (D80CB9E2-21E6-4D9B-8533-660C768F3C5B -> Lively) C:\Program Files\WindowsApps\12030rocksdanister.LivelyWallpaper_1.0.144.0_x64__97hta09mmv6hy\Build\Lively.exe

(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>

(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe

(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.22621.3522_none_e93c247a42e7cbb6\TiWorker.exe

(VNG CORPORATION -> VNG Corp.) C:\Users\DELL\AppData\Local\Programs\Zalo\Zalo-24.6.2\Zalo.exe <5>

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_04ff63d068f8c626\RtkAudUService64.exe [1961360 2023-11-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)

HKLM\...\Run: [WavesSvc] => C:\Windows\System32\DriverStore\FileRepository\wavesapo10de.inf_amd64_f7373b847419c8d1\WavesSvc64.exe [4984408 2022-10-03] (Waves Inc -> Waves Audio Ltd.)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [750672 2024-03-13] (Oracle America, Inc. -> Oracle Corporation)

HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION

HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION

HKU\S-1-5-19\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\92.0.0.0\GoogleDriveFS.exe --startup_mode (No File)

HKU\S-1-5-19\...\Policies\Explorer: [HideSCAMeetNow] 1

HKU\S-1-5-20\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\92.0.0.0\GoogleDriveFS.exe --startup_mode (No File)

HKU\S-1-5-20\...\Policies\Explorer: [HideSCAMeetNow] 1

HKU\S-1-5-21-2281438141-2336456411-1489610899-1002\...\Run: [Opera GX Stable] => C:\Users\DELL\AppData\Local\Programs\Opera GX\launcher.exe [2251680 2024-06-13] (Opera Norway AS -> Opera Software)

HKU\S-1-5-21-2281438141-2336456411-1489610899-1002\...\Run: [Zalo] => C:\Users\DELL\AppData\Local\Programs\Zalo\Zalo.exe [789328 2024-01-17] (VNG CORPORATION -> VNG Corp.)

HKU\S-1-5-21-2281438141-2336456411-1489610899-1002\...\Run: [PrivadoVPN] => C:\Program Files (x86)\PrivadoVPN\PrivadoVPN.exe [3636064 2024-06-11] (Privado Networks AG -> Privado Networks AG)

HKU\S-1-5-21-2281438141-2336456411-1489610899-1002\...\Run: [Opera GX Browser Assistant] => C:\Users\DELL\AppData\Local\Programs\Opera GX\assistant\browser_assistant.exe [3291288 2021-02-01] (Opera Software AS -> Opera Software)

HKU\S-1-5-21-2281438141-2336456411-1489610899-1002\...\Run: [MicrosoftEdgeAutoLaunch_6B770857D9B81538FA9524CBB2D560C5] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4136912 2024-06-06] (Microsoft Corporation -> Microsoft Corporation)

HKU\S-1-5-21-2281438141-2336456411-1489610899-1002\...\Run: [CustomCursor] => C:\Users\DELL\AppData\Local\Blife\CustomCursor\CustomCursor.exe [553120 2023-04-07] (BLIFE TEAM, TOV -> Blife)

HKU\S-1-5-21-2281438141-2336456411-1489610899-1002\...\Run: [Discord] => C:\Users\DELL\AppData\Local\Discord\Update.exe [1525024 2024-03-18] (Discord Inc. -> GitHub)

HKU\S-1-5-21-2281438141-2336456411-1489610899-1002\...\Policies\Explorer: [HideSCAMeetNow] 1

HKU\S-1-5-18\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\92.0.0.0\GoogleDriveFS.exe --startup_mode (No File)

HKU\S-1-5-18\...\Policies\Explorer: [HideSCAMeetNow] 1

HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\125.0.6422.142\Installer\chrmstp.exe [2024-06-05] (Google LLC -> Google LLC)

Startup: C:\Users\DELL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EVKey.lnk [2023-05-20]

ShortcutTarget: EVKey.lnk -> C:\Program Files\EVKey\EVKey.exe (No File)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Cloudflare WARP.lnk [2024-04-06]

ShortcutTarget: Cloudflare WARP.lnk -> C:\Program Files\Cloudflare\Cloudflare WARP\Cloudflare WARP.exe (Cloudflare, Inc. -> Cloudflare)

GroupPolicy: Restriction - Chrome <==== ATTENTION

Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03C49304-7D95-46F4-A14A-85527CB8B18A} - System32\Tasks\CocCocUpdateTaskMachineUA => C:\Program Files (x86)\CocCoc\Update\CocCocUpdate.exe [117656 2023-05-20] (COC COC COMPANY LIMITED -> Coc Coc Co., Ltd.)

Task: {A253EE69-A9E7-49A7-9352-02FAA2CFCB97} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem127.0.6490.0{7A32474E-B921-446E-A6A0-C2679479AC5E} => C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe [4785440 2024-05-20] (Google LLC -> Google LLC)

Task: {3CD3AF78-E7D1-479A-A0EB-BDD6672ACD4D} - System32\Tasks\Intel PTT EK Recertification => C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_9783a0a827c7c2a2\lib\IntelPTTEKRecertification.exe [855776 2023-09-04] (Intel Corporation -> Intel® Corporation)

Task: {0BE999BD-844A-44F6-9275-05A6D719A365} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [743488 2024-06-10] (Kaspersky Lab JSC -> AO Kaspersky Lab)

Task: {A9ACBD26-47F9-440E-BDCF-28C018A7BEDA} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28498912 2024-05-26] (Microsoft Corporation -> Microsoft Corporation)

Task: {506F0E63-11A1-4042-9FDF-A1480F84F685} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28498912 2024-05-26] (Microsoft Corporation -> Microsoft Corporation)

Task: {850ED258-20AB-4302-A4CD-3E95EFEC6E28} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [221336 2024-06-03] (Microsoft Corporation -> Microsoft Corporation)

Task: {2850A702-2D05-46DE-A741-DD994AA14E1D} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [221336 2024-06-03] (Microsoft Corporation -> Microsoft Corporation)

Task: {70570095-076B-4A52-93AE-4659EC465538} - System32\Tasks\Microsoft\Windows\WaaSMedic\PerformRemediation => {72566E27-1ABB-4EB3-B4F0-EB431CB1CB32}

Task: {32EC8E28-58FE-4FA0-8E8E-06F6D5146B42} - System32\Tasks\Opera GX scheduled Autoupdate 1708765422 => C:\Users\DELL\AppData\Local\Programs\Opera GX\launcher.exe [2251680 2024-06-13] (Opera Norway AS -> Opera Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 127.0.0.1 view-localhost # view localhost server

Tcpip\Parameters: [DhcpNameServer] 192.168.88.1

Tcpip\..\Interfaces\{95de5e87-094f-4365-9b96-12ca927b1c71}: [DhcpNameServer] 192.168.88.1

Tcpip\..\Interfaces\{95de5e87-094f-4365-9b96-12ca927b1c71}: [DhcpDomain] lan

Tcpip\..\Interfaces\{95de5e87-094f-4365-9b96-12ca927b1c71}\1413930393: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{95de5e87-094f-4365-9b96-12ca927b1c71}\155797E68602C496E6860213: [DhcpNameServer] 192.168.2.253

Tcpip\..\Interfaces\{95de5e87-094f-4365-9b96-12ca927b1c71}\84F616E6760235F6E6: [DhcpNameServer] 203.113.131.2 203.113.188.6

Tcpip\..\Interfaces\{95de5e87-094f-4365-9b96-12ca927b1c71}\C496E6864647471343: [DhcpNameServer] 172.20.10.1

Tcpip\..\Interfaces\{95de5e87-094f-4365-9b96-12ca927b1c71}\E4567747F6E653D24523D2537403F5537486A7: [DhcpNameServer] 192.168.44.5

Tcpip\..\Interfaces\{95de5e87-094f-4365-9b96-12ca927b1c71}\E4567747F6E653D24523D2537403F5537486A7: [DhcpDomain] itotolink.net

Tcpip\..\Interfaces\{95de5e87-094f-4365-9b96-12ca927b1c71}\E4567747F6E653D24523F55374F55374: [DhcpNameServer] 192.168.43.3

Tcpip\..\Interfaces\{95de5e87-094f-4365-9b96-12ca927b1c71}\E4567747F6E653D24523F55374F55374: [DhcpDomain] itotolink.net

Tcpip\..\Interfaces\{95de5e87-094f-4365-9b96-12ca927b1c71}\E4567747F6E6D2534523D2537403F523C2437486A7: [DhcpNameServer] 192.168.44.5

Tcpip\..\Interfaces\{95de5e87-094f-4365-9b96-12ca927b1c71}\E4567747F6E6D2534523D2537403F523C2437486A7: [DhcpDomain] itotolink.net

Edge:

=======

Edge Profile: C:\Users\DELL\AppData\Local\Microsoft\Edge\User Data\Default [2024-06-14]

Edge DefaultSearchURL: Default -> hxxps://x-finder.pro/search?q={searchTerms}

Edge DefaultSearchKeyword: Default -> x-finder.pro

Edge DefaultSuggestURL: Default -> hxxps://x-finder.pro/search/suggest.php?q={searchTerms}

Edge Extension: (YoutubeDownloader) - C:\Users\DELL\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\abgdohlnibdejcajjfmngebmdanjldcc [2024-06-09] [UpdateUrl:hxxps://clients74.google.com/service/update2/crx] <==== ATTENTION

Edge Extension: (Kaspersky Protection) - C:\Users\DELL\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ahkjpbeeocnddjkakilopmfdlnjdpcdm [2024-06-10]

Edge Extension: (Rewards Search Automator) - C:\Users\DELL\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\eanofdhdfbcalhflpbdipkjjkoimeeod [2024-05-17]

Edge Extension: (Google Docs Offline) - C:\Users\DELL\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-03-27]

Edge Extension: (Edge relevant text changes) - C:\Users\DELL\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-03-02]

Edge Extension: (X-finder.pro) - C:\Users\DELL\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\oikgcnjambfooaigmdljblbaeelmekem [2024-06-09]

Edge Extension: (Free VPN for Edge - VPN Proxy VeePN) - C:\Users\DELL\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\panammoooggmlehahpcjckcncfeffcoi [2024-05-17]

Edge HKU\S-1-5-21-2281438141-2336456411-1489610899-1002\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm]

FireFox:

========

FF HKLM\...\Firefox\Extensions: [light_plugin_7571494CE0B94E11BB762B659A4AD71F@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.3\FFExt\light_plugin_firefox\addon.xpi => not found

FF HKLM-x32\...\Firefox\Extensions: [light_plugin_7571494CE0B94E11BB762B659A4AD71F@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.3\FFExt\light_plugin_firefox\addon.xpi => not found

FF Plugin-x32: @java.com/DTPlugin,version=11.411.2 -> C:\Program Files (x86)\Java\jre-1.8\bin\dtplugin\npDeployJava1.dll [2024-03-13] (Oracle America, Inc. -> Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.411.2 -> C:\Program Files (x86)\Java\jre-1.8\bin\plugin2\npjp2.dll [2024-03-13] (Oracle America, Inc. -> Oracle Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-04-08] (Microsoft Corporation -> Microsoft Corporation)

Chrome:

=======

CHR Profile: C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default [2024-06-14]

CHR DefaultSearchURL: Default -> hxxps://x-finder.pro/search?q={searchTerms}

CHR DefaultSearchKeyword: Default -> x-finder.pro

CHR DefaultSuggestURL: Default -> hxxps://x-finder.pro/search/suggest.php?q={searchTerms}

CHR Extension: (Kaspersky Protection) - C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahkjpbeeocnddjkakilopmfdlnjdpcdm [2024-06-13]

CHR Extension: (uBlock Origin) - C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2024-06-13]

CHR Extension: (YoutubeDownloader) - C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfcdbodapcbfckbfpmgeldfkkgjknceo [2024-06-09] [UpdateUrl:hxxps://clients27.google.com/service/update2/crx] <==== ATTENTION

CHR Extension: (Google Tài liệu ngoại tuyến) - C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-03-31]

CHR Extension: (Absolute Enable Right Click & Copy) - C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdocbkpgdakpekjlhemmfcncgdjeiika [2024-03-22]

CHR Extension: (Trình chạy ứng dụng dành cho Drive (của Google)) - C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2024-03-04]

CHR Extension: (Thanh toán trên cửa hàng Chrome trực tuyến) - C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2024-02-24]

CHR Extension: (X-finder.pro) - C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\oikgcnjambfooaigmdljblbaeelmekem [2024-06-09]

CHR Extension: (Browsec VPN - Free VPN for Chrome) - C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\omghfjlpggmjjaagoclmmobgdodcjboh [2024-06-02]

CHR HKLM\...\Chrome\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] - hxxps://chrome.google.com/webstore/detail/kaspersky-protection/ahkjpbeeocnddjkakilopmfdlnjdpcdm

CHR HKU\S-1-5-21-2281438141-2336456411-1489610899-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]

CHR HKLM-x32\...\Chrome\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] - hxxps://chrome.google.com/webstore/detail/kaspersky-protection/ahkjpbeeocnddjkakilopmfdlnjdpcdm

Opera:

=======

StartMenuInternet: (HKU\S-1-5-21-2281438141-2336456411-1489610899-1002) Opera GXStable - "C:\Users\DELL\AppData\Local\Programs\Opera GX\Launcher.exe"

==================== Services (All) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AarSvc; C:\Windows\System32\AarSvc.dll [720896 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 AarSvc; C:\Windows\SysWOW64\AarSvc.dll [524800 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 AarSvc_7ecd2; C:\Windows\system32\svchost.exe [79920 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)

S3 AarSvc_7ecd2; C:\Windows\SysWOW64\svchost.exe [48096 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)

S3 AJRouter; C:\Windows\System32\AJRouter.dll [49152 2022-05-07] (Microsoft Windows -> Microsoft Corporation)

S3 ALG; C:\Windows\System32\alg.exe [110592 2022-05-07] (Microsoft Windows -> Microsoft Corporation)

S3 AppIDSvc; C:\Windows\System32\appidsvc.dll [114688 2024-02-24] (Microsoft Windows -> Microsoft Corporation)

R3 Appinfo; C:\Windows\System32\appinfo.dll [315392 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 AppMgmt; C:\Windows\System32\appmgmts.dll [225280 2022-05-07] (Microsoft Windows -> Microsoft Corporation)

S3 AppMgmt; C:\Windows\SysWOW64\appmgmts.dll [162816 2022-05-07] (Microsoft Windows -> Microsoft Corporation)

S3 AppReadiness; C:\Windows\system32\AppReadiness.dll [860160 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S4 AppVClient; C:\Windows\system32\AppVClient.exe [771480 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

R3 AppXSvc; C:\Windows\system32\appxdeploymentserver.dll [6119424 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 AssignedAccessManagerSvc; C:\Windows\System32\assignedaccessmanagersvc.dll [962560 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

R2 AudioEndpointBuilder; C:\Windows\System32\AudioEndpointBuilder.dll [561152 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

R2 Audiosrv; C:\Windows\System32\Audiosrv.dll [2060288 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 autotimesvc; C:\Windows\System32\autotimesvc.dll [139264 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

R2 AVP21.3; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.3\avp.exe [184768 2022-08-02] (Kaspersky Lab JSC -> AO Kaspersky Lab)

S3 AxInstSV; C:\Windows\System32\AxInstSV.dll [167936 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 BcastDVRUserService; C:\Windows\System32\BcastDVRUserService.dll [1548288 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 BcastDVRUserService_7ecd2; C:\Windows\system32\svchost.exe [79920 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)

S3 BcastDVRUserService_7ecd2; C:\Windows\SysWOW64\svchost.exe [48096 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)

R3 BDESVC; C:\Windows\System32\bdesvc.dll [643072 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

R2 BFE; C:\Windows\System32\bfe.dll [933888 2024-03-15] (Microsoft Windows -> Microsoft Corporation)

S3 BluetoothUserService; C:\Windows\System32\Microsoft.Bluetooth.UserService.dll [499712 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

R3 BluetoothUserService_7ecd2; C:\Windows\system32\svchost.exe [79920 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)

R3 BluetoothUserService_7ecd2; C:\Windows\SysWOW64\svchost.exe [48096 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)

R2 BrokerInfrastructure; C:\Windows\System32\psmsrv.dll [290816 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

R3 BTAGService; C:\Windows\System32\BTAGService.dll [1077248 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

R3 BTAGService; C:\Windows\SysWOW64\BTAGService.dll [833024 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

R3 BthAvctpSvc; C:\Windows\System32\BthAvctpSvc.dll [491520 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

R3 bthserv; C:\Windows\system32\bthserv.dll [294912 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

R3 camsvc; C:\Windows\system32\CapabilityAccessManager.dll [864256 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 CaptureService; C:\Windows\System32\CaptureService.dll [180224 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 CaptureService_7ecd2; C:\Windows\system32\svchost.exe [79920 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)

S3 CaptureService_7ecd2; C:\Windows\SysWOW64\svchost.exe [48096 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)

S2 cbdhsvc; C:\Windows\System32\cbdhsvc.dll [1056768 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

R2 cbdhsvc_7ecd2; C:\Windows\system32\svchost.exe [79920 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)

R2 cbdhsvc_7ecd2; C:\Windows\SysWOW64\svchost.exe [48096 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)

R2 CDPSvc; C:\Windows\System32\CDPSvc.dll [704512 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S2 CDPUserSvc; C:\Windows\System32\CDPUserSvc.dll [610304 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

R2 CDPUserSvc_7ecd2; C:\Windows\system32\svchost.exe [79920 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)

R2 CDPUserSvc_7ecd2; C:\Windows\SysWOW64\svchost.exe [48096 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)

S3 CertPropSvc; C:\Windows\System32\certprop.dll [221184 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [14012520 2024-05-26] (Microsoft Corporation -> Microsoft Corporation)

R2 client_service; C:\Program Files\VMware\VMware Horizon View Client\ClientService\horizon_client_service.exe [631232 2024-03-22] (VMware, Inc. -> VMware, Inc.)

R3 ClipSVC; C:\Windows\System32\ClipSVC.dll [1290616 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 CloudBackupRestoreSvc; C:\Windows\System32\CloudRestoreLauncher.dll [1560576 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 CloudBackupRestoreSvc_7ecd2; C:\Windows\system32\svchost.exe [79920 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)

S3 CloudBackupRestoreSvc_7ecd2; C:\Windows\SysWOW64\svchost.exe [48096 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)

R2 CloudflareWARP; C:\Program Files\Cloudflare\Cloudflare WARP\warp-svc.exe [32154176 2024-03-29] (Cloudflare, Inc. -> )

S3 cloudidsvc; C:\Windows\system32\cloudidsvc.dll [131072 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S2 coccoc; C:\Program Files (x86)\CocCoc\Update\CocCocUpdate.exe [117656 2023-05-20] (COC COC COMPANY LIMITED -> Coc Coc Co., Ltd.)

S3 CocCocElevationService; C:\Program Files\CocCoc\Browser\Application\124.0.6367.172\elevation_service.exe [1740976 2024-05-07] (COC COC COMPANY LIMITED -> Coc Coc Company Limited)

S3 coccocm; C:\Program Files (x86)\CocCoc\Update\CocCocUpdate.exe [117656 2023-05-20] (COC COC COMPANY LIMITED -> Coc Coc Co., Ltd.)

S3 COMSysApp; C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} [46416 2022-05-07] (Microsoft Windows -> Microsoft Corporation)

S3 COMSysApp; C:\Windows\SysWOW64\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} [20832 2022-05-07] (Microsoft Windows -> Microsoft Corporation)

S3 ConsentUxUserSvc; C:\Windows\System32\ConsentUxClient.dll [204800 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 ConsentUxUserSvc_7ecd2; C:\Windows\system32\svchost.exe [79920 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)

S3 ConsentUxUserSvc_7ecd2; C:\Windows\SysWOW64\svchost.exe [48096 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)

R2 CoreMessagingRegistrar; C:\Windows\system32\coremessaging.dll [1274184 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

R2 CoreMessagingRegistrar; C:\Windows\SysWOW64\coremessaging.dll [834288 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

R2 cplspcon; C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_1462ab0d367b063b\IntelCpHDCPSvc.exe [367216 2024-01-29] (Intel Corporation -> Intel Corporation)

S3 CredentialEnrollmentManagerUserSvc; C:\Windows\system32\CredentialEnrollmentManager.exe [422888 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 CredentialEnrollmentManagerUserSvc_7ecd2; C:\Windows\system32\CredentialEnrollmentManager.exe [422888 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

R2 CryptSvc; C:\Windows\system32\cryptsvc.dll [126976 2022-05-07] (Microsoft Windows -> Microsoft Corporation)

S3 CscService; C:\Windows\System32\cscsvc.dll [786432 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

R2 DcomLaunch; C:\Windows\system32\rpcss.dll [1433600 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 dcsvc; C:\Windows\system32\dcsvc.dll [946176 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 defragsvc; C:\Windows\System32\defragsvc.dll [552960 2022-05-07] (Microsoft Windows -> Microsoft Corporation)

S3 DeviceAssociationBrokerSvc; C:\Windows\System32\deviceaccess.dll [265872 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 DeviceAssociationBrokerSvc; C:\Windows\SysWOW64\deviceaccess.dll [189640 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 DeviceAssociationBrokerSvc_7ecd2; C:\Windows\system32\svchost.exe [79920 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)

S3 DeviceAssociationBrokerSvc_7ecd2; C:\Windows\SysWOW64\svchost.exe [48096 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)

R2 DeviceAssociationService; C:\Windows\system32\das.dll [630784 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 DeviceInstall; C:\Windows\system32\umpnpmgr.dll [167936 2022-05-07] (Microsoft Windows -> Microsoft Corporation)

S3 DevicePickerUserSvc; C:\Windows\System32\Windows.Devices.Picker.dll [495616 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 DevicePickerUserSvc; C:\Windows\SysWOW64\Windows.Devices.Picker.dll [355840 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 DevicePickerUserSvc_7ecd2; C:\Windows\system32\svchost.exe [79920 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)

S3 DevicePickerUserSvc_7ecd2; C:\Windows\SysWOW64\svchost.exe [48096 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)

S3 DevicesFlowUserSvc; C:\Windows\System32\DevicesFlowBroker.dll [671744 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 DevicesFlowUserSvc_7ecd2; C:\Windows\system32\svchost.exe [79920 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)

S3 DevicesFlowUserSvc_7ecd2; C:\Windows\SysWOW64\svchost.exe [48096 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)

S3 DevQueryBroker; C:\Windows\system32\DevQueryBroker.dll [53248 2022-05-07] (Microsoft Windows -> Microsoft Corporation)

R2 Dhcp; C:\Windows\system32\dhcpcore.dll [427488 2024-02-24] (Microsoft Windows -> Microsoft Corporation)

R2 Dhcp; C:\Windows\SysWOW64\dhcpcore.dll [337792 2024-02-24] (Microsoft Windows -> Microsoft Corporation)

S3 diagnosticshub.standardcollector.service; C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [114688 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 diagsvc; C:\Windows\system32\DiagSvc.dll [253952 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

R2 DiagTrack; C:\Windows\system32\diagtrack.dll [4751360 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S4 DialogBlockingService; C:\Windows\System32\DialogBlockingService.dll [98304 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

R2 DispBrokerDesktopSvc; C:\Windows\System32\DispBroker.Desktop.dll [491520 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

R3 DisplayEnhancementService; C:\Windows\system32\Microsoft.Graphics.Display.DisplayEnhancementService.dll [1273856 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 DmEnrollmentSvc; C:\Windows\system32\Windows.Internal.Management.dll [1187840 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 DmEnrollmentSvc; C:\Windows\SysWOW64\Windows.Internal.Management.dll [948224 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 dmwappushservice; C:\Windows\system32\dmwappushsvc.dll [143360 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

R2 Dnscache; C:\Windows\System32\dnsrslvr.dll [472480 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 dot3svc; C:\Windows\System32\dot3svc.dll [409600 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

R2 DPS; C:\Windows\system32\dps.dll [180224 2022-05-07] (Microsoft Windows -> Microsoft Corporation)

S3 DsmSvc; C:\Windows\System32\DeviceSetupManager.dll [311296 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 DsSvc; C:\Windows\System32\DsSvc.dll [180224 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

R2 DusmSvc; C:\Windows\System32\dusmsvc.dll [450560 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 EapHost; C:\Windows\System32\eapsvc.dll [122880 2022-05-07] (Microsoft Windows -> Microsoft Corporation)

S2 edgeupdate; C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [215992 2022-04-12] (Microsoft Corporation -> Microsoft Corporation)

S3 edgeupdatem; C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [215992 2022-04-12] (Microsoft Corporation -> Microsoft Corporation)

S3 EFS; C:\Windows\system32\efssvc.dll [118784 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 embeddedmode; C:\Windows\System32\embeddedmodesvc.dll [176128 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 EntAppSvc; C:\Windows\system32\EnterpriseAppMgmtSvc.dll [647168 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

R2 esifsvc; C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_fa6b3fb2c05394c2\esif_uf.exe [2283152 2021-09-09] (Intel Corporation -> Intel Corporation)

R2 EventLog; C:\Windows\System32\wevtsvc.dll [1331200 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

R2 EventSystem; C:\Windows\system32\es.dll [438272 2024-02-24] (Microsoft Windows -> Microsoft Corporation)

R2 EventSystem; C:\Windows\SysWOW64\es.dll [331264 2024-02-24] (Microsoft Windows -> Microsoft Corporation)

R3 fdPHost; C:\Windows\system32\fdPHost.dll [40960 2022-05-07] (Microsoft Windows -> Microsoft Corporation)

R3 FDResPub; C:\Windows\system32\fdrespub.dll [57344 2022-05-07] (Microsoft Windows -> Microsoft Corporation)

S3 fhsvc; C:\Windows\system32\fhsvc.dll [139264 2024-02-24] (Microsoft Windows -> Microsoft Corporation)

R2 FontCache; C:\Windows\system32\FntCache.dll [1409024 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

R3 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [45992 2022-05-06] (Microsoft Corporation -> Microsoft Corporation)

R2 FoxitReaderUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReaderUpdateService.exe [2357864 2020-08-31] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)

S3 FrameServer; C:\Windows\system32\FrameServer.dll [1335296 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 FrameServerMonitor; C:\Windows\system32\FrameServerMonitor.dll [348160 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

R2 ftnlsv3hv; C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnlsv.exe [483400 2022-11-21] (FabulaTech, LLP -> )

R2 ftscanmgrhv; C:\Program Files\Common Files\VMware\ScannerRedirection\ftscanmgrhv.exe [303688 2023-10-25] (FabulaTech, LLP -> )

S3 GameInputSvc; C:\Windows\System32\GameInputSvc.exe [75272 2024-04-11] (Microsoft Corporation -> Microsoft Corporation)

S3 GoogleChromeElevationService; C:\Program Files\Google\Chrome\Application\125.0.6422.142\elevation_service.exe [1781536 2024-05-30] (Google LLC -> Google LLC)

S2 GoogleUpdaterInternalService127.0.6490.0; C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe [4785440 2024-05-20] (Google LLC -> Google LLC)

S2 GoogleUpdaterService127.0.6490.0; C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe [4785440 2024-05-20] (Google LLC -> Google LLC)

R2 gpsvc; C:\Windows\System32\gpsvc.dll [1359872 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 GraphicsPerfSvc; C:\Windows\System32\GraphicsPerfSvc.dll [266240 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S4 HfcDisableService; C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_ac65d2dfc98d80ce\HfcDisableService.exe [1710280 2022-11-02] (Intel Corporation -> Intel Corporation)

R3 hidserv; C:\Windows\system32\hidserv.dll [73728 2022-05-07] (Microsoft Windows -> Microsoft Corporation)

R3 hidserv; C:\Windows\SysWOW64\hidserv.dll [43008 2022-05-07] (Microsoft Windows -> Microsoft Corporation)

S3 HvHost; C:\Windows\System32\hvhostsvc.dll [91520 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 iaStorAfsService; C:\Windows\System32\iaStorAfsService.exe [3234504 2022-11-02] (Intel Corporation -> Intel Corporation)

S3 icssvc; C:\Windows\System32\tetheringservice.dll [278528 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

R2 igccservice; C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_3de31b09a0024837\OneApp.IGCC.WinService.exe [59720 2024-01-29] (Intel Corporation -> )

R2 igfxCUIService2.0.0.0; C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_19704598c1c9840a\igfxCUIServiceN.exe [395888 2024-01-29] (Intel Corporation -> Intel Corporation)

R2 IKEEXT; C:\Windows\System32\ikeext.dll [1531904 2024-03-15] (Microsoft Windows -> Microsoft Corporation)

S3 InstallService; C:\Windows\system32\InstallService.dll [2945024 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 InstallService; C:\Windows\SysWOW64\InstallService.dll [2125824 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 Intel® Capability Licensing Service TCP IP Interface; C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_367008a610747d24\lib\SocketHeciServer.exe [803320 2022-12-20] (Intel Corporation -> Intel® Corporation)

R2 Intel® TPM Provisioning Service; C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_9783a0a827c7c2a2\lib\TPMProvisioningService.exe [762584 2023-09-04] (Intel Corporation -> Intel® Corporation)

R2 IntelAudioService; C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_29fd1afabcf5470c\AS\IAS\IntelAudioService.exe [530520 2023-10-18] (Intel Corporation -> Intel)

S3 InventorySvc; C:\Windows\system32\inventorysvc.dll [304624 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

R2 iphlpsvc; C:\Windows\System32\iphlpsvc.dll [843776 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 IpxlatCfgSvc; C:\Windows\System32\IpxlatCfg.dll [81920 2022-05-07] (Microsoft Windows -> Microsoft Corporation)

R2 jhi_service; C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_af50fdb80983f7bc\jhi_service.exe [630280 2023-07-11] (Intel Corporation -> Intel Corporation)

R3 KeyIso; C:\Windows\system32\keyiso.dll [118784 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [70656 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 klvssbridge64_21.3; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.3\x64\vssbridge64.exe [479280 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)

S2 KSDE5.17; C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.17\ksde.exe [32008 2024-04-15] (Kaspersky Lab JSC -> AO Kaspersky Lab)

S3 KtmRm; C:\Windows\system32\msdtckrm.dll [397312 2024-02-24] (Microsoft Windows -> Microsoft Corporation)

R2 LanmanServer; C:\Windows\system32\srvsvc.dll [385024 2024-04-11] (Microsoft Windows -> Microsoft Corporation)

R2 LanmanWorkstation; C:\Windows\System32\wkssvc.dll [364544 2024-04-11] (Microsoft Windows -> Microsoft Corporation)

R3 lfsvc; C:\Windows\System32\lfsvc.dll [86016 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 LicenseManager; C:\Windows\system32\LicenseManagerSvc.dll [143360 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 lltdsvc; C:\Windows\System32\lltdsvc.dll [303104 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

R3 lmhosts; C:\Windows\System32\lmhsvc.dll [59240 2022-05-07] (Microsoft Windows -> Microsoft Corporation)

R2 LSM; C:\Windows\System32\lsm.dll [897024 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 LxpSvc; C:\Windows\System32\LanguageOverlayServer.dll [618496 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S2 MapsBroker; C:\Windows\System32\moshost.dll [118784 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 McpManagementService; C:\Windows\System32\McpManagementService.dll [274432 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MpDefenderCoreService.exe [1505416 2024-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)

S3 MessagingService; C:\Windows\System32\MessagingService.dll [106496 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 MessagingService_7ecd2; C:\Windows\system32\svchost.exe [79920 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)

S3 MessagingService_7ecd2; C:\Windows\SysWOW64\svchost.exe [48096 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)

S3 MicrosoftEdgeElevationService; C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.92\elevation_service.exe [1905600 2024-06-06] (Microsoft Corporation -> Microsoft Corporation)

S3 MixedRealityOpenXRSvc; C:\Windows\System32\MixedRealityRuntime.dll [166808 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 MixedRealityOpenXRSvc; C:\Windows\SysWOW64\MixedRealityRuntime.dll [116832 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

R2 mpssvc; C:\Windows\system32\mpssvc.dll [1372160 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 MSDTC; C:\Windows\System32\msdtc.exe [167936 2024-02-24] (Microsoft Windows -> Microsoft Corporation)

S3 MSiSCSI; C:\Windows\system32\iscsiexe.dll [180224 2024-02-24] (Microsoft Windows -> Microsoft Corporation)

S3 msiserver; C:\Windows\system32\msiexec.exe /V [176128 2022-05-07] (Microsoft Windows -> Microsoft Corporation)

S3 msiserver; C:\Windows\SysWOW64\msiexec.exe /V [145408 2022-05-07] (Microsoft Windows -> Microsoft Corporation)

S4 MsKeyboardFilter; C:\Windows\System32\KeyboardFilterSvc.dll [193904 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 NaturalAuthentication; C:\Windows\System32\NaturalAuth.dll [434176 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 NcaSvc; C:\Windows\System32\ncasvc.dll [188416 2022-05-07] (Microsoft Windows -> Microsoft Corporation)

R3 NcbService; C:\Windows\System32\ncbservice.dll [344064 2022-05-07] (Microsoft Windows -> Microsoft Corporation)

R3 NcdAutoSetup; C:\Windows\System32\NcdAutoSetup.dll [118784 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 Netlogon; C:\Windows\system32\netlogon.dll [888832 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [730624 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 Netman; C:\Windows\System32\netman.dll [282624 2022-05-07] (Microsoft Windows -> Microsoft Corporation)

R3 netprofm; C:\Windows\System32\netprofmsvc.dll [1798144 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

R3 NetSetupSvc; C:\Windows\System32\NetSetupSvc.dll [315392 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [132520 2022-05-07] (Microsoft Corporation -> Microsoft Corporation)

R3 NgcCtnrSvc; C:\Windows\System32\NgcCtnrSvc.dll [761856 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

R3 NgcSvc; C:\Windows\system32\ngcsvc.dll [1134592 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 NlaSvc; C:\Windows\System32\netprofmsvc.dll [1798144 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 NPSMSvc; C:\Windows\System32\npsm.dll [225280 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 NPSMSvc; C:\Windows\SysWOW64\npsm.dll [168448 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 NPSMSvc_7ecd2; C:\Windows\system32\svchost.exe [79920 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)

S3 NPSMSvc_7ecd2; C:\Windows\SysWOW64\svchost.exe [48096 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)

R2 nsi; C:\Windows\system32\nsisvc.dll [57344 2022-05-07] (Microsoft Windows -> Microsoft Corporation)

R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [2004680 2021-09-14] (Nvidia Corporation -> NVIDIA Corporation)

S2 OneSyncSvc; C:\Windows\System32\APHostService.dll [389120 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S2 OneSyncSvc_7ecd2; C:\Windows\system32\svchost.exe [79920 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)

S2 OneSyncSvc_7ecd2; C:\Windows\SysWOW64\svchost.exe [48096 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)

S3 p2pimsvc; C:\Windows\system32\pnrpsvc.dll [376832 2022-05-07] (Microsoft Windows -> Microsoft Corporation)

S3 p2psvc; C:\Windows\system32\p2psvc.dll [454656 2022-05-07] (Microsoft Windows -> Microsoft Corporation)

S3 P9RdrService; C:\Windows\system32\p9rdrservice.dll [122880 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 P9RdrService_7ecd2; C:\Windows\system32\svchost.exe [79920 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)

S3 P9RdrService_7ecd2; C:\Windows\SysWOW64\svchost.exe [48096 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)

R2 PcaSvc; C:\Windows\System32\pcasvc.dll [1029608 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 PeerDistSvc; C:\Windows\system32\peerdistsvc.dll [1896448 2022-05-07] (Microsoft Windows -> Microsoft Corporation)

S3 PenService; C:\Windows\System32\PenService.dll [303104 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 PenService_7ecd2; C:\Windows\system32\svchost.exe [79920 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)

S3 PenService_7ecd2; C:\Windows\SysWOW64\svchost.exe [48096 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)

S3 perceptionsimulation; C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe [241664 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 PerfHost; C:\Windows\SysWow64\perfhost.exe [22016 2022-05-07] (Microsoft Windows -> Microsoft Corporation)

S3 PhoneSvc; C:\Windows\System32\PhoneService.dll [1089536 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 PimIndexMaintenanceSvc; C:\Windows\System32\PimIndexMaintenance.dll [221184 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 PimIndexMaintenanceSvc_7ecd2; C:\Windows\system32\svchost.exe [79920 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)

S3 PimIndexMaintenanceSvc_7ecd2; C:\Windows\SysWOW64\svchost.exe [48096 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)

S3 pla; C:\Windows\system32\pla.dll [1552384 2022-05-07] (Microsoft Windows -> Microsoft Corporation)

S3 pla; C:\Windows\SysWOW64\pla.dll [1547776 2022-05-07] (Microsoft Windows -> Microsoft Corporation)

R3 PlugPlay; C:\Windows\system32\umpnpmgr.dll [167936 2022-05-07] (Microsoft Windows -> Microsoft Corporation)

S3 PNRPAutoReg; C:\Windows\system32\pnrpauto.dll [49152 2022-05-07] (Microsoft Windows -> Microsoft Corporation)

S3 PNRPsvc; C:\Windows\system32\pnrpsvc.dll [376832 2022-05-07] (Microsoft Windows -> Microsoft Corporation)

S3 PolicyAgent; C:\Windows\System32\ipsecsvc.dll [434176 2022-05-07] (Microsoft Windows -> Microsoft Corporation)

R2 Power; C:\Windows\system32\umpo.dll [208896 2024-02-24] (Microsoft Windows -> Microsoft Corporation)

S3 PrintNotify; C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll [4075520 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 PrintWorkflowUserSvc; C:\Windows\System32\PrintWorkflowService.dll [442368 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 PrintWorkflowUserSvc; C:\Windows\SysWOW64\PrintWorkflowService.dll [362496 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 PrintWorkflowUserSvc_7ecd2; C:\Windows\system32\svchost.exe [79920 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)

S3 PrintWorkflowUserSvc_7ecd2; C:\Windows\SysWOW64\svchost.exe [48096 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)

R2 PrivadoVPN.Service; C:\Program Files (x86)\PrivadoVPN\PrivadoVPN.Service.exe [76128 2024-06-11] (Privado Networks AG -> Privado Networks AG)

R2 ProfSvc; C:\Windows\system32\profsvc.dll [626688 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 ProtonVPN Service; C:\Program Files\Proton\VPN\v3.2.11\ProtonVPNService.exe [474824 2024-03-27] (Proton AG -> ProtonVPN)

S3 ProtonVPN WireGuard; C:\Program Files\Proton\VPN\v3.2.11\ProtonVPN.WireGuardService.exe [474312 2024-03-27] (Proton AG -> ProtonVPN)

S3 PushToInstall; C:\Windows\system32\PushToInstall.dll [438272 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 QWAVE; C:\Windows\system32\qwave.dll [319488 2024-02-24] (Microsoft Windows -> Microsoft Corporation)

S3 QWAVE; C:\Windows\SysWOW64\qwave.dll [253440 2024-02-24] (Microsoft Windows -> Microsoft Corporation)

S3 RasAuto; C:\Windows\System32\rasauto.dll [135168 2022-05-07] (Microsoft Windows -> Microsoft Corporation)

R2 RasMan; C:\Windows\System32\rasmans.dll [1101824 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S4 RemoteAccess; C:\Windows\System32\mprdim.dll [512000 2024-02-24] (Microsoft Windows -> Microsoft Corporation)

S4 RemoteAccess; C:\Windows\SysWOW64\mprdim.dll [410112 2024-02-24] (Microsoft Windows -> Microsoft Corporation)

S4 RemoteRegistry; C:\Windows\system32\regsvc.dll [192512 2024-03-15] (Microsoft Windows -> Microsoft Corporation)

S3 RetailDemo; C:\Windows\system32\RDXService.dll [806912 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

R3 RmSvc; C:\Windows\System32\RMapi.dll [225280 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

R2 RpcEptMapper; C:\Windows\System32\RpcEpMap.dll [139264 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 RpcLocator; C:\Windows\system32\locator.exe [28672 2022-05-07] (Microsoft Windows -> Microsoft Corporation)

R2 RpcSs; C:\Windows\system32\rpcss.dll [1433600 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S2 RstMwService; C:\Windows\System32\DriverStore\FileRepository\iastorvd.inf_amd64_74e28d819fb21cc3\RstMwService.exe [2058440 2022-12-23] (Intel Corporation -> Intel Corporation)

R2 RtkAudioUniversalService; C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_04ff63d068f8c626\RtkAudUService64.exe [1961360 2023-11-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)

R2 SamSs; C:\Windows\system32\lsass.exe [84096 2024-03-15] (Microsoft Windows Publisher -> Microsoft Corporation)

S3 SCardSvr; C:\Windows\System32\SCardSvr.dll [299008 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 ScDeviceEnum; C:\Windows\System32\ScDeviceEnum.dll [204800 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

R2 Schedule; C:\Windows\system32\schedsvc.dll [811008 2024-02-24] (Microsoft Windows -> Microsoft Corporation)

S3 SCPolicySvc; C:\Windows\System32\certprop.dll [221184 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 SDRSVC; C:\Windows\System32\SDRSVC.dll [176128 2024-02-24] (Microsoft Windows -> Microsoft Corporation)

S3 seclogon; C:\Windows\system32\seclogon.dll [53248 2024-02-24] (Microsoft Windows -> Microsoft Corporation)

R3 SecurityHealthService; C:\Windows\system32\SecurityHealthService.exe [146064 2024-05-16] (Microsoft Windows Publisher -> Microsoft Corporation)

S3 SEMgrSvc; C:\Windows\system32\SEMgrSvc.dll [1306624 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

R2 SENS; C:\Windows\System32\sens.dll [98304 2022-05-07] (Microsoft Windows -> Microsoft Corporation)

S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [522184 2024-05-16] (Microsoft Windows Publisher -> Microsoft Corporation)

S3 SensorDataService; C:\Windows\System32\SensorDataService.exe [1191936 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 SensorService; C:\Windows\system32\SensorService.dll [884736 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 SensrSvc; C:\Windows\system32\sensrsvc.dll [200704 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 SessionEnv; C:\Windows\system32\sessenv.dll [598016 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 SessionEnv; C:\Windows\SysWOW64\sessenv.dll [469504 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S4 SgrmBroker; C:\Windows\system32\Sgrm\SgrmBroker.exe [414768 2024-05-16] (Microsoft Windows Publisher -> Microsoft Corporation)

S3 SharedAccess; C:\Windows\System32\ipnathlp.dll [683312 2024-04-11] (Microsoft Windows -> Microsoft Corporation)

S3 SharedRealitySvc; C:\Windows\System32\SharedRealitySvc.dll [339968 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

R2 ShellHWDetection; C:\Windows\System32\shsvcs.dll [270336 2022-05-07] (Microsoft Windows -> Microsoft Corporation)

R2 ShellHWDetection; C:\Windows\SysWOW64\shsvcs.dll [223232 2022-05-07] (Microsoft Windows -> Microsoft Corporation)

S4 shpamsvc; C:\Windows\system32\Windows.SharedPC.AccountManager.dll [241664 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 smphost; C:\Windows\System32\smphost.dll [66928 2024-02-24] (Microsoft Windows -> Microsoft Corporation)

S3 smphost; C:\Windows\SysWOW64\smphost.dll [46560 2024-02-24] (Microsoft Windows -> Microsoft Corporation)

S3 SmsRouter; C:\Windows\system32\SmsRouterSvc.dll [643072 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 SNMPTrap; C:\Windows\System32\snmptrap.exe [36864 2022-05-07] (Microsoft Windows -> Microsoft Corporation)

S3 spectrum; C:\Windows\system32\spectrum.exe [770048 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

R2 Spooler; C:\Windows\System32\spoolsv.exe [925696 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S2 sppsvc; C:\Windows\system32\sppsvc.exe [4769752 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

R3 SSDPSRV; C:\Windows\System32\ssdpsrv.dll [299008 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S4 ssh-agent; C:\Windows\System32\OpenSSH\ssh-agent.exe [393216 2022-05-06] (Microsoft Windows -> )

R2 SstpSvc; C:\Windows\system32\sstpsvc.dll [180224 2024-02-24] (Microsoft Windows -> Microsoft Corporation)

R2 StateRepository; C:\Windows\system32\windows.staterepository.dll [6889576 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

R2 StateRepository; C:\Windows\SysWOW64\windows.staterepository.dll [5701800 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 StiSvc; C:\Windows\System32\wiaservc.dll [802816 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

R2 StorSvc; C:\Windows\system32\storsvc.dll [888832 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 svsvc; C:\Windows\system32\svsvc.dll [36864 2022-05-07] (Microsoft Windows -> Microsoft Corporation)

R3 swprv; C:\Windows\System32\swprv.dll [475136 2022-05-07] (Microsoft Windows -> Microsoft Corporation)

R2 SysMain; C:\Windows\system32\sysmain.dll [1019904 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

R2 SystemEventsBroker; C:\Windows\System32\SystemEventsBrokerServer.dll [245760 2024-02-24] (Microsoft Windows -> Microsoft Corporation)

S3 TapiSrv; C:\Windows\System32\tapisrv.dll [339968 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 TapiSrv; C:\Windows\SysWOW64\tapisrv.dll [257024 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

R2 TbtP2pShortcutService; C:\Windows\TbtP2pShortcutService.exe [254088 2021-10-12] (Intel Corporation -> Intel Corporation)

S3 TermService; C:\Windows\System32\termsrv.dll [1314816 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

R2 TextInputManagementService; C:\Windows\System32\TabSvc.dll [274432 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

R2 Themes; C:\Windows\system32\themeservice.dll [114688 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 TieringEngineService; C:\Windows\system32\TieringEngineService.exe [344064 2022-05-07] (Microsoft Windows -> Microsoft Corporation)

R3 TimeBrokerSvc; C:\Windows\System32\TimeBrokerServer.dll [184320 2022-05-07] (Microsoft Windows -> Microsoft Corporation)

R3 TokenBroker; C:\Windows\System32\TokenBroker.dll [1826816 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

R3 TokenBroker; C:\Windows\SysWOW64\TokenBroker.dll [1367552 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

R2 TrkWks; C:\Windows\System32\trkwks.dll [139264 2024-02-24] (Microsoft Windows -> Microsoft Corporation)

S3 TroubleshootingSvc; C:\Windows\system32\MitigationClient.dll [548864 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

R3 TrustedInstaller; C:\Windows\servicing\TrustedInstaller.exe [226688 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S4 tzautoupdate; C:\Windows\system32\tzautoupdate.dll [208896 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S4 tzautoupdate; C:\Windows\SysWOW64\tzautoupdate.dll [159744 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 UdkUserSvc; C:\Windows\System32\windowsudkservices.shellcommon.dll [118784 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

R3 UdkUserSvc_7ecd2; C:\Windows\system32\svchost.exe [79920 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)

R3 UdkUserSvc_7ecd2; C:\Windows\SysWOW64\svchost.exe [48096 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)

S4 UevAgentService; C:\Windows\system32\AgentService.exe [1175552 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S4 uhssvc; C:\Program Files\Microsoft Update Health Tools\uhssvc.exe [402904 2023-09-25] (Microsoft Windows -> Microsoft Corporation)

R2 UltraViewService; C:\Program Files (x86)\UltraViewer\UltraViewer_Service.exe [230736 2022-11-12] (DUC FABULOUS CO.,LTD -> )

S3 UmRdpService; C:\Windows\System32\umrdp.dll [446464 2022-05-07] (Microsoft Windows -> Microsoft Corporation)

S3 UnistoreSvc; C:\Windows\System32\unistore.dll [1146880 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 UnistoreSvc; C:\Windows\SysWOW64\unistore.dll [933376 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 UnistoreSvc_7ecd2; C:\Windows\System32\svchost.exe [79920 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)

S3 UnistoreSvc_7ecd2; C:\Windows\SysWOW64\svchost.exe [48096 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)

S3 upnphost; C:\Windows\System32\upnphost.dll [503808 2024-02-24] (Microsoft Windows -> Microsoft Corporation)

S3 upnphost; C:\Windows\SysWOW64\upnphost.dll [334848 2024-02-24] (Microsoft Windows -> Microsoft Corporation)

S3 UserDataSvc; C:\Windows\System32\userdataservice.dll [1605632 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 UserDataSvc_7ecd2; C:\Windows\system32\svchost.exe [79920 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)

S3 UserDataSvc_7ecd2; C:\Windows\SysWOW64\svchost.exe [48096 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)

R2 UserManager; C:\Windows\System32\usermgr.dll [1662976 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 VacSvc; C:\Windows\System32\vac.dll [431160 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

R3 VaultSvc; C:\Windows\System32\vaultsvc.dll [393216 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 vds; C:\Windows\System32\vds.exe [692224 2024-02-24] (Microsoft Windows -> Microsoft Corporation)

S3 vmicguestinterface; C:\Windows\System32\icsvc.dll [312688 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 vmicheartbeat; C:\Windows\System32\icsvc.dll [312688 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 vmickvpexchange; C:\Windows\System32\icsvc.dll [312688 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 vmicrdv; C:\Windows\System32\icsvcext.dll [143360 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 vmicshutdown; C:\Windows\System32\icsvc.dll [312688 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 vmictimesync; C:\Windows\System32\icsvc.dll [312688 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 vmicvmsession; C:\Windows\System32\icsvc.dll [312688 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 vmicvss; C:\Windows\System32\icsvcvss.dll [337280 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

R2 VMUSBArbService; C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [1055168 2024-01-19] (VMware, Inc. -> VMware, Inc.)

R2 vmwetlm; C:\Program Files\VMware\Endpoint Telemetry Service\vmwetlm.exe [6327256 2024-01-09] (VMware, Inc. -> VMware, Inc.)

S3 VMWOSQEXT; C:\Program Files\VMware\Endpoint Telemetry Service\vmwosqext.exe [3758512 2023-12-26] (VMware, Inc. -> VMware, Inc.)

R2 vmwsprrdpwks; C:\Program Files\Common Files\VMware\SerialPortRedirection\Client\vmwsprrdpwks.exe [803400 2023-04-04] (FabulaTech, LLP -> VMware)

R3 VSS; C:\Windows\system32\vssvc.exe [1449984 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 W32Time; C:\Windows\system32\w32time.dll [557056 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 WalletService; C:\Windows\system32\WalletService.dll [458752 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 WarpJITSvc; C:\Windows\System32\Windows.WARP.JITService.dll [86016 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

R2 WavesAudioService; C:\Windows\System32\DriverStore\FileRepository\wavesapo10de.inf_amd64_f7373b847419c8d1\WavesAudioService.exe [160856 2022-10-03] (Waves Inc -> Waves Audio Ltd)

R2 WavesSysSvc; C:\Windows\System32\DriverStore\FileRepository\wavesapo10de.inf_amd64_f7373b847419c8d1\WavesSysSvc64.exe [4497496 2022-10-03] (Waves Inc -> Waves Audio Ltd.)

S3 wbengine; C:\Windows\system32\wbengine.exe [1531904 2022-05-07] (Microsoft Windows -> Microsoft Corporation)

S3 WbioSrvc; C:\Windows\System32\wbiosrvc.dll [929792 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

R2 Wcmsvc; C:\Windows\System32\wcmsvc.dll [1249280 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 wcncsvc; C:\Windows\System32\wcncsvc.dll [487424 2022-05-07] (Microsoft Windows -> Microsoft Corporation)

S3 WdiServiceHost; C:\Windows\system32\wdi.dll [114688 2022-05-07] (Microsoft Windows -> Microsoft Corporation)

S3 WdiServiceHost; C:\Windows\SysWOW64\wdi.dll [80896 2022-05-07] (Microsoft Windows -> Microsoft Corporation)

R3 WdiSystemHost; C:\Windows\system32\wdi.dll [114688 2022-05-07] (Microsoft Windows -> Microsoft Corporation)

R3 WdiSystemHost; C:\Windows\SysWOW64\wdi.dll [80896 2022-05-07] (Microsoft Windows -> Microsoft Corporation)

S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\NisSrv.exe [3236728 2024-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)

S3 WebClient; C:\Windows\System32\webclnt.dll [249856 2022-05-07] (Microsoft Windows -> Microsoft Corporation)

S3 WebClient; C:\Windows\SysWOW64\webclnt.dll [193024 2022-05-07] (Microsoft Windows -> Microsoft Corporation)

R3 webthreatdefsvc; C:\Windows\System32\webthreatdefsvc.dll [206208 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S2 webthreatdefusersvc; C:\Windows\System32\webthreatdefusersvc.dll [312688 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

R2 webthreatdefusersvc_7ecd2; C:\Windows\system32\svchost.exe [79920 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)

R2 webthreatdefusersvc_7ecd2; C:\Windows\SysWOW64\svchost.exe [48096 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)

S3 Wecsvc; C:\Windows\system32\wecsvc.dll [217088 2024-02-24] (Microsoft Windows -> Microsoft Corporation)

S3 WEPHOSTSVC; C:\Windows\system32\wephostsvc.dll [53248 2022-05-07] (Microsoft Windows -> Microsoft Corporation)

S3 wercplsupport; C:\Windows\System32\wercplsupport.dll [102400 2024-02-24] (Microsoft Windows -> Microsoft Corporation)

R3 WerSvc; C:\Windows\System32\WerSvc.dll [311296 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 WFDSConMgrSvc; C:\Windows\System32\wfdsconmgrsvc.dll [667648 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 WiaRpc; C:\Windows\System32\wiarpc.dll [118784 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MsMpEng.exe [133704 2024-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)

R3 WinHttpAutoProxySvc; C:\Windows\system32\winhttp.dll [1282464 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

R3 WinHttpAutoProxySvc; C:\Windows\SysWOW64\winhttp.dll [897288 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

R2 Winmgmt; C:\Windows\system32\wbem\WMIsvc.dll [245760 2024-02-24] (Microsoft Windows -> Microsoft Corporation)

S3 WinRM; C:\Windows\system32\WsmSvc.dll [2850816 2024-02-24] (Microsoft Windows -> Microsoft Corporation)

S3 WinRM; C:\Windows\SysWOW64\WsmSvc.dll [2338304 2024-02-24] (Microsoft Windows -> Microsoft Corporation)

S3 WireGuardTunnel$PrivadoVPN; C:\Program Files (x86)\PrivadoVPN\PrivadoVPN.Wireguard.Service.exe [32608 2024-06-11] (Privado Networks AG -> Privado Networks AG)

S3 wisvc; C:\Windows\system32\flightsettings.dll [1117184 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 wisvc; C:\Windows\SysWOW64\flightsettings.dll [913800 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

R2 WlanSvc; C:\Windows\System32\wlansvc.dll [2809856 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

R3 wlidsvc; C:\Windows\system32\wlidsvc.dll [2064384 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 wlpasvc; C:\Windows\System32\lpasvc.dll [1224704 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 WManSvc; C:\Windows\system32\Windows.Management.Service.dll [1523712 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 WManSvc; C:\Windows\SysWOW64\Windows.Management.Service.dll [1187840 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 wmiApSrv; C:\Windows\system32\wbem\WmiApSrv.exe [200704 2024-02-24] (Microsoft Windows -> Microsoft Corporation)

R2 WMIRegistrationService; C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_ab7d4ea1d12c01d4\WMIRegistrationService.exe [144064 2023-09-20] (Intel Corporation -> Intel Corporation)

S3 WMPNetworkSvc; C:\Program Files\Windows Media Player\wmpnetwk.exe [942080 2024-02-24] (Microsoft Windows -> Microsoft Corporation)

S3 workfolderssvc; C:\Windows\system32\workfolderssvc.dll [2086384 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 WpcMonSvc; C:\Windows\System32\WpcDesktopMonSvc.dll [1949696 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

R3 WPDBusEnum; C:\Windows\system32\wpdbusenum.dll [118784 2024-02-24] (Microsoft Windows -> Microsoft Corporation)

R2 WpnService; C:\Windows\system32\WpnService.dll [266240 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S2 WpnUserService; C:\Windows\System32\WpnUserService.dll [106496 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

R2 WpnUserService_7ecd2; C:\Windows\system32\svchost.exe [79920 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)

R2 WpnUserService_7ecd2; C:\Windows\SysWOW64\svchost.exe [48096 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)

R2 wscsvc; C:\Windows\System32\wscsvc.dll [402368 2024-05-16] (Microsoft Windows Publisher -> Microsoft Corporation)

R2 WSearch; C:\Windows\system32\SearchIndexer.exe [966656 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

R2 WSearch; C:\Windows\SysWOW64\SearchIndexer.exe [716288 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 WwanSvc; C:\Windows\System32\wwansvc.dll [1470464 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 XblAuthManager; C:\Windows\System32\XblAuthManager.dll [1044480 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 XblGameSave; C:\Windows\System32\XblGameSave.dll [1040384 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 XboxGipSvc; C:\Windows\System32\XboxGipSvc.dll [131072 2024-05-16] (Microsoft Windows -> Microsoft Corporation)

S3 XboxNetApiSvc; C:\Windows\system32\XboxNetApiSvc.dll [1392640 2022-05-07] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [532480 2023-05-14] (Microsoft Corporation) [File not signed]

S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [184320 2023-05-14] (Microsoft Corporation) [File not signed]

S3 BTHMODEM; C:\Windows\System32\drivers\bthmodem.sys [106496 2023-05-14] (Microsoft Corporation) [File not signed]

R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [237288 2022-08-02] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)

R1 googledrivefs31357; C:\Windows\System32\DriverStore\FileRepository\googledrivefs31357.inf_amd64_a8bf31a168cf7d00\googledrivefs31357.sys [384712 2024-03-04] (Microsoft Windows Hardware Compatibility Publisher -> Google, Inc.)

R2 hcmon; C:\Windows\system32\DRIVERS\hcmon.sys [72144 2024-01-19] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)

R3 iaLPSS2_GPIO2_TGL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_gpio2_tgl.inf_amd64_2546dafe2183e972\iaLPSS2_GPIO2_TGL.sys [131224 2021-07-22] (Intel Corporation -> Intel Corporation)

R3 iaLPSS2_I2C_TGL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_i2c_tgl.inf_amd64_1308f85f1b0adf27\iaLPSS2_I2C_TGL.sys [204440 2021-07-22] (Intel Corporation -> Intel Corporation)

S0 iaStorVD; C:\Windows\System32\drivers\iaStorVD.sys [1605320 2022-12-23] (Intel Corporation -> Intel Corporation)

R3 IntcUSB; C:\Windows\System32\DriverStore\FileRepository\intcusb.inf_amd64_bc398e7169495415\IntcUSB.sys [922712 2023-10-18] (Intel Corporation -> Intel® Corporation)

R1 klbackupdisk; C:\Windows\system32\DRIVERS\klbackupdisk.sys [105280 2022-08-02] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)

R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [206600 2022-08-02] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)

R1 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [119568 2022-08-02] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)

S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [41656 2021-02-19] (Microsoft Windows Early Launch Anti-malware Publisher -> AO Kaspersky Lab)

R1 klflt; C:\Windows\system32\DRIVERS\klflt.sys [533040 2024-06-10] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)

R1 klgse; C:\Windows\System32\DRIVERS\klgse.sys [841528 2024-04-05] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)

R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [2089168 2024-04-05] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)

R3 klids; C:\ProgramData\Kaspersky Lab\AVP21.3\Bases\klids.sys [245144 2024-06-10] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)

R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1051184 2024-06-10] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)

R1 klim6; C:\Windows\system32\DRIVERS\klim6.sys [90896 2022-08-02] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)

R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [104728 2022-08-02] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)

R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [107328 2022-08-02] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)

R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [78088 2022-08-02] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)

R1 klpnpflt; C:\Windows\system32\DRIVERS\klpnpflt.sys [88328 2022-08-02] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)

R3 kltun; C:\Windows\system32\DRIVERS\kltun.sys [92200 2024-04-15] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)

R0 klupd_klif_arkmon; C:\Windows\System32\Drivers\klupd_klif_arkmon.sys [384656 2024-06-10] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)

R3 klupd_klif_klark; C:\Windows\System32\Drivers\klupd_klif_klark.sys [358736 2024-06-10] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)

R0 klupd_klif_klbg; C:\Windows\System32\Drivers\klupd_klif_klbg.sys [183728 2024-06-10] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)

R3 klupd_klif_mark; C:\Windows\System32\Drivers\klupd_klif_mark.sys [262712 2024-06-10] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)

R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [150280 2022-08-02] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)

R1 klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [325400 2022-08-02] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)

R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [294680 2022-08-02] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)

R3 ovpn-dco; C:\Windows\System32\drivers\ovpn-dco.sys [92664 2024-03-19] (WDKTestCert lev,133391533294737317 -> OpenVPN, Inc)

S3 PrivadoVPNSplitTunneling; C:\Windows\System32\drivers\PrivadoVPNSplitTunneling.sys [29928 2023-12-01] (Privado Networks LLC -> Privado Networks AG)

S3 ProtonVPNCallout; C:\Program Files\Proton\VPN\v3.2.11\Resources\ProtonVPN.CalloutDriver.sys [34176 2023-11-20] (Microsoft Windows Hardware Compatibility Publisher -> Proton Technologies AG)

S3 rtcx21; C:\Windows\System32\DriverStore\FileRepository\rtcx21x64.inf_amd64_516e5c9b75c49dc2\rtcx21x64.sys [539648 2022-05-06] (Microsoft Windows -> Realtek)

R3 tap0901; C:\Windows\System32\drivers\tap0901.sys [39920 2023-10-02] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)

S3 vmwprotect; C:\Windows\system32\DRIVERS\vmwprotect.sys [176144 2024-03-18] (VMware, Inc. -> VMware, Inc.)

S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [22080 2024-06-05] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)

S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [602520 2024-06-05] (Microsoft Windows -> Microsoft Corporation)

S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105880 2024-06-05] (Microsoft Windows -> Microsoft Corporation)

R3 WiManH; C:\Windows\System32\DriverStore\FileRepository\wiman.inf_amd64_f54d0a27ac206b8c\WiManH\WiManH.sys [175672 2021-07-28] (Intel Corporation -> Intel Corporation)

S3 wintun; C:\Windows\System32\drivers\wintun.sys [29592 2024-04-06] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)

S3 WireGuard; C:\Windows\System32\drivers\wireguard.sys [489368 2024-05-17] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-06-14 07:15 - 2024-06-14 07:15 - 000002264 _____ C:\Users\DELL\AppData\LocalLow\d2bb5501f9a1e82f495b624129ed5f2bbfc05e5cc270a51009eecb57c7c90c7b

2024-06-14 07:14 - 2024-06-14 07:14 - 000959488 _____ (Farbar) C:\Users\DELL\Downloads\FSS.exe

2024-06-14 07:13 - 2024-06-14 07:15 - 000000466 _____ C:\Users\DELL\AppData\LocalLow\910c417c7f159199dc0b826dfb0b33c2f0152266127faa5758e27a17dc6d9318

2024-06-14 07:13 - 2024-06-14 07:14 - 000078167 _____ C:\Users\DELL\Desktop\FRST.txt

2024-06-14 07:13 - 2024-06-14 07:13 - 000106279 _____ C:\Users\DELL\AppData\LocalLow\09c012558a04e45f3dcd9e5c5790ecc00132d0a2a6c00a2fd74449796ee1d9d7

2024-06-14 07:12 - 2024-06-14 07:12 - 000023430 _____ C:\Users\DELL\AppData\LocalLow\7c20ed46f96c41e8f4707573a4b5f44f7b40b89f3834b85911e9c253e71a658b

2024-06-14 07:12 - 2024-06-14 07:12 - 000016811 _____ C:\Users\DELL\AppData\LocalLow\6d1a0d74b8983cab26a68cd0cdace1fb63918ce4f5f6aeaeeefb13009d6d5154

2024-06-14 07:12 - 2024-06-14 07:12 - 000010700 __RSH C:\ProgramData\ntuser.pol

2024-06-14 07:12 - 2024-06-14 07:12 - 000000130 _____ C:\Users\DELL\AppData\LocalLow\d184b3a61bf4be513cbb771b07df842ddf56f91b67d9cbe187f53880ca9b5c5d

2024-06-14 07:11 - 2024-06-14 07:11 - 000000000 ____D C:\Windows\system32\data

2024-06-14 07:10 - 2020-03-15 21:08 - 036144128 _____ (Microsoft Corporation) C:\Windows\system32\wincfg.exe

2024-06-14 07:10 - 2020-03-13 13:52 - 009556480 _____ (Microsoft Corporation) C:\Windows\system32\winnet.exe

2024-06-14 07:09 - 2024-06-14 07:12 - 000021185 _____ C:\Users\DELL\Desktop\Fixlog.txt

2024-06-14 07:07 - 2024-06-14 07:07 - 000000000 ____D C:\Users\DELL\Desktop\FRST-OlderVersion

2024-06-14 07:04 - 2024-06-14 07:05 - 000000000 ____D C:\AdwCleaner

2024-06-14 07:02 - 2024-06-14 07:02 - 000000000 ____D C:\Users\DELL\AppData\Roaming\Sun

2024-06-14 07:02 - 2024-06-14 07:02 - 000000000 ____D C:\Program Files (x86)\Java

2024-06-14 06:57 - 2024-06-14 06:57 - 008790880 _____ (Malwarebytes) C:\Users\DELL\Downloads\adwcleaner_8.4.2.exe

2024-06-14 06:55 - 2024-06-14 06:55 - 000001052 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrivadoVPN.lnk

2024-06-14 06:55 - 2024-06-14 06:55 - 000001040 _____ C:\Users\Public\Desktop\PrivadoVPN.lnk

2024-06-14 06:54 - 2024-06-14 06:54 - 002348136 _____ (Oracle Corporation) C:\Users\DELL\Downloads\JavaSetup8u411.exe

2024-06-13 17:30 - 2024-06-13 17:30 - 000004156 _____ C:\Windows\system32\Tasks\Opera GX scheduled Autoupdate 1708765422

2024-06-13 09:55 - 2024-06-13 09:55 - 002147444 _____ C:\Users\DELL\Downloads\RPReplay_Final1718241500.mov

2024-06-11 09:25 - 2024-06-11 09:21 - 000002242 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky VPN.lnk

2024-06-11 09:25 - 2024-06-11 09:21 - 000002104 _____ C:\Users\Public\Desktop\Kaspersky VPN.lnk

2024-06-11 08:19 - 2024-06-11 08:19 - 000000236 _____ C:\Users\DELL\Downloads\discord_backup_codes.txt

2024-06-11 07:24 - 2024-06-14 06:55 - 000000000 ____D C:\Users\DELL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox

2024-06-10 20:39 - 2024-06-14 07:14 - 000000000 ____D C:\FRST

2024-06-10 20:37 - 2024-06-14 07:07 - 002395136 _____ (Farbar) C:\Users\DELL\Desktop\FRST64.exe

2024-06-10 19:19 - 2024-06-10 19:27 - 000001323 _____ C:\Users\DELL\Desktop\ESET Online Scanner.lnk

2024-06-10 19:16 - 2024-06-10 19:37 - 000001429 _____ C:\Users\DELL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk

2024-06-10 19:16 - 2024-06-10 19:16 - 000000000 ____D C:\Users\DELL\AppData\Local\ESET

2024-06-10 19:15 - 2024-06-10 19:15 - 008389496 _____ (ESET) C:\Users\DELL\Downloads\esetonlinescanner.exe

2024-06-10 19:02 - 2024-06-10 19:02 - 000003612 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA{85476211-1900-4E01-901C-36435D9AACDE}

2024-06-10 19:02 - 2024-06-10 19:02 - 000003488 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore{296C7589-FA7B-4367-9093-A8D8DA7E1AE6}

2024-06-10 18:59 - 2024-06-10 19:03 - 000000000 ____D C:\Users\DELL\AppData\Roaming\Microsoft\MMC

2024-06-10 17:47 - 2024-06-10 17:47 - 000000000 ____D C:\Users\DELL\Desktop\rkill

2024-06-10 17:37 - 2024-06-10 17:48 - 000003010 _____ C:\Users\DELL\Desktop\Rkill.txt

2024-06-10 17:37 - 2024-06-10 17:37 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\DELL\Downloads\iExplore.exe

2024-06-10 12:56 - 2024-06-10 12:56 - 000000000 ____D C:\Users\DELL\AppData\Local\VirtualStore

2024-06-10 12:27 - 2020-11-03 09:42 - 001340728 _____ (WireGuard LLC) C:\Windows\system32\winlocal.dll

2024-06-10 09:16 - 2024-06-10 09:16 - 000003240 _____ C:\Windows\system32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}

2024-06-10 09:15 - 2024-06-10 09:16 - 000000000 ____D C:\Program Files\Common Files\AV

2024-06-10 09:15 - 2024-06-10 09:14 - 000002282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus.lnk

2024-06-10 09:15 - 2024-06-10 09:14 - 000002150 _____ C:\Users\Public\Desktop\Kaspersky Anti-Virus.lnk

2024-06-10 09:14 - 2024-06-13 11:16 - 000000000 ____D C:\ProgramData\Kaspersky Lab

2024-06-10 09:14 - 2024-06-11 09:25 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab

2024-06-10 09:14 - 2021-02-19 21:09 - 000110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll

2024-06-10 09:12 - 2024-06-10 09:12 - 002752888 _____ (Kaspersky) C:\Users\DELL\Downloads\kav21.3.10.391en_26074.exe

2024-06-10 09:12 - 2024-06-10 09:12 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files

2024-06-09 18:09 - 2024-06-09 18:09 - 000001150 _____ C:\Users\Public\Desktop\Macro Recorder.lnk

2024-06-09 18:09 - 2024-06-09 18:09 - 000000000 ____D C:\Users\DELL\AppData\Local\Microsoft.Windows

2024-06-09 18:09 - 2024-06-09 18:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macro Recorder

2024-06-09 18:09 - 2024-06-09 18:09 - 000000000 ____D C:\Program Files (x86)\MacroRecorder

2024-06-09 18:08 - 2024-06-09 18:08 - 002724984 _____ (Jitbit Software ) C:\Users\DELL\Downloads\MacroRecorderSetup (1).exe

2024-06-09 18:06 - 2024-06-09 18:07 - 000000000 ____D C:\Users\DELL\AppData\Roaming\Macro Recorder

2024-06-09 18:06 - 2024-06-09 18:06 - 000000000 ____D C:\Users\DELL\Documents\Macro Recorder

2024-06-09 18:05 - 2024-06-09 18:05 - 000000000 ____D C:\ProgramData\MacroRecorder

2024-06-09 14:22 - 2024-06-09 14:22 - 000000000 ____D C:\Program Files\AVG

2024-06-09 14:21 - 2024-06-13 08:19 - 000000000 ____D C:\Users\DELL\AppData\Local\Virtual Sound Card

2024-06-09 14:21 - 2024-06-09 14:21 - 000000000 ____D C:\Users\DELL\AppData\Local\SystemCache

2024-06-09 14:21 - 2024-06-09 14:21 - 000000000 ____D C:\Users\DELL\AppData\Local\RageMP131

2024-06-09 14:21 - 2024-06-09 14:21 - 000000000 ____D C:\ProgramData\TIME Verifier 6.9.66

2024-06-09 14:21 - 2024-06-09 14:21 - 000000000 ____D C:\Program Files (x86)\AVG

2024-06-09 14:19 - 2024-06-10 09:40 - 000000000 ____D C:\Users\DELL\Documents\SimpleAdobe

2024-06-09 13:55 - 2024-06-09 13:55 - 000000000 ____D C:\Users\DELL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.12

2024-06-09 13:55 - 2024-06-09 13:55 - 000000000 ____D C:\Users\DELL\AppData\Local\Package Cache

2024-06-09 13:52 - 2024-06-09 13:52 - 026772456 _____ (Python Software Foundation) C:\Users\DELL\Downloads\python-3.12.4-amd64.exe

2024-06-07 21:50 - 2024-06-07 21:51 - 014610121 _____ C:\Users\DELL\Downloads\Ta ho nuoc o cac thoi diem khac nhau trong ngay (1).pptx

2024-06-07 11:57 - 2024-06-07 11:57 - 000266363 _____ C:\Users\DELL\Downloads\tả cảnh 4 mùa mới.pdf

2024-06-07 11:03 - 2024-06-07 11:03 - 030112521 _____ C:\Users\DELL\Downloads\UMS 2024-2025 SCAN.pdf

2024-06-01 09:38 - 2024-06-01 09:38 - 005619717 _____ C:\Users\DELL\Downloads\2 yr olds learning to dance while parents pretend theyre good.mp4

2024-05-31 22:19 - 2024-05-31 22:19 - 000015092 _____ C:\Users\DELL\Downloads\Template-Pants-R6.webp

2024-05-31 21:59 - 2024-05-31 21:59 - 000124778 _____ C:\Users\DELL\Downloads\Classic-Clothing-Templates (1).zip

2024-05-31 10:44 - 2024-05-31 10:57 - 000000000 ____D C:\Users\DELL\AppData\Local\UNDERTALE

2024-05-31 10:44 - 2024-05-31 10:44 - 000000000 ____D C:\Users\Public\Documents\Steam

2024-05-31 10:43 - 2024-05-31 10:43 - 000000000 ____D C:\Users\DELL\Downloads\Undertale.v1.08

2024-05-30 21:45 - 2024-05-30 21:46 - 173441528 _____ C:\Users\DELL\Downloads\Undertale.v1.08.zip

2024-05-30 19:36 - 2024-05-30 19:37 - 025532592 _____ C:\Users\DELL\Downloads\UndertaleDemo.zip

2024-05-28 21:09 - 2024-05-28 21:09 - 001307926 _____ C:\Users\DELL\Downloads\exploiter report.mp4

2024-05-25 12:50 - 2024-05-25 12:50 - 000101963 _____ C:\Users\DELL\Downloads\Tả trăng.pdf

2024-05-23 17:40 - 2024-05-23 17:40 - 000124778 _____ C:\Users\DELL\Downloads\Classic-Clothing-Templates.zip

2024-05-20 22:30 - 2024-05-20 22:30 - 000201411 _____ C:\Users\DELL\Downloads\Đề, đáp án, lí giải NTT 2023 - 2024.pdf

2024-05-18 09:41 - 2024-05-18 09:41 - 003014656 _____ C:\Users\DELL\Downloads\AutoHotkey_2.0.15_setup.exe

2024-05-18 09:41 - 2024-05-18 09:41 - 000002252 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey Window Spy.lnk

2024-05-18 09:41 - 2024-05-18 09:41 - 000001362 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey Dash.lnk

2024-05-18 09:41 - 2024-05-18 09:41 - 000000000 ____D C:\Users\DELL\AppData\Roaming\Microsoft\HTML Help

2024-05-18 09:41 - 2024-05-18 09:41 - 000000000 ____D C:\Program Files\AutoHotkey

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-06-14 07:14 - 2024-03-24 11:08 - 000000000 ____D C:\Users\DELL\AppData\Roaming\discord

2024-06-14 07:13 - 2024-03-24 11:08 - 000000000 ____D C:\Users\DELL\AppData\Local\Discord

2024-06-14 07:12 - 2024-02-24 16:59 - 000000066 _____ C:\Users\DELL\AppData\Roaming\z_u.txt

2024-06-14 07:12 - 2024-02-24 16:59 - 000000000 ____D C:\Users\DELL\AppData\Local\ZaloPC

2024-06-14 07:12 - 2024-02-24 16:58 - 000000000 ____D C:\Users\DELL\AppData\Roaming\ZaloData

2024-06-14 07:12 - 2024-02-24 16:29 - 000000000 ____D C:\Program Files\Waves

2024-06-14 07:12 - 2024-02-24 15:39 - 000000000 ____D C:\ProgramData\NVIDIA

2024-06-14 07:12 - 2024-02-24 15:34 - 000000000 __SHD C:\Users\DELL\IntelGraphicsProfiles

2024-06-14 07:12 - 2024-02-24 15:34 - 000000000 ____D C:\Intel

2024-06-14 07:12 - 2024-02-24 08:24 - 000012288 ___SH C:\DumpStack.log.tmp

2024-06-14 07:12 - 2023-05-20 11:35 - 000000000 _____ C:\Windows\UV_LastPW.ini

2024-06-14 07:12 - 2023-05-18 12:54 - 000000006 ____H C:\Windows\Tasks\SA.DAT

2024-06-14 07:12 - 2022-05-07 12:24 - 000000000 ____D C:\Windows\SystemTemp

2024-06-14 07:12 - 2022-05-07 12:24 - 000000000 ____D C:\Windows\ServiceState

2024-06-14 07:12 - 2022-05-07 12:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft

2024-06-14 07:11 - 2022-05-07 12:17 - 000524288 _____ C:\Windows\system32\config\BBI

2024-06-14 07:10 - 2024-02-24 21:41 - 000000000 ____D C:\Users\DELL\AppData\LocalLow\Temp

2024-06-14 07:09 - 2024-02-24 08:27 - 000000000 ____D C:\Users\DELL

2024-06-14 07:05 - 2024-02-24 15:39 - 000002212 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2024-06-14 06:55 - 2024-04-06 13:21 - 000000000 ____D C:\Users\DELL\AppData\Local\Cloudflare

2024-06-14 06:55 - 2024-02-25 09:35 - 000000000 ____D C:\ProgramData\Package Cache

2024-06-14 06:55 - 2022-05-07 12:22 - 000000000 ____D C:\Windows\INF

2024-06-14 06:54 - 2024-04-29 15:51 - 000000000 ____D C:\Program Files (x86)\PrivadoVPN

2024-06-13 18:42 - 2023-05-18 12:54 - 000000000 ____D C:\Windows\system32\SleepStudy

2024-06-13 17:31 - 2024-02-24 08:27 - 000000000 ___SD C:\Users\DELL\AppData\Roaming\Microsoft\Credentials

2024-06-13 17:30 - 2024-02-24 16:03 - 000001477 _____ C:\Users\DELL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera GX Browser.lnk

2024-06-13 15:52 - 2024-04-29 13:19 - 000000130 _____ C:\Users\DELL\AppData\LocalLow\6bdad7e2b2f0e006a1b2964609240b6498c71fd5a1aeb1e97866f9a43779a743

2024-06-13 11:27 - 2023-05-18 13:04 - 000850324 _____ C:\Windows\system32\PerfStringBackup.INI

2024-06-13 11:02 - 2024-02-24 08:27 - 000000000 ____D C:\Users\DELL\AppData\Local\D3DSCache

2024-06-13 08:13 - 2024-03-24 11:08 - 000002290 _____ C:\Users\DELL\Desktop\Discord.lnk

2024-06-13 08:12 - 2024-04-06 13:21 - 000000000 ____D C:\ProgramData\Cloudflare

2024-06-12 08:02 - 2024-03-31 15:12 - 000000000 ____D C:\Users\DELL\AppData\Roaming\BetterDiscord Installer

2024-06-11 16:33 - 2024-02-25 16:21 - 000000138 _____ C:\Users\DELL\Downloads\tinytask.ini

2024-06-11 10:08 - 2024-03-03 14:20 - 000000000 ____D C:\Windows\Minidump

2024-06-11 10:08 - 2022-05-07 12:24 - 000000000 ____D C:\Windows\LiveKernelReports

2024-06-11 08:48 - 2024-02-25 09:35 - 000000000 ____D C:\ProgramData\PrivadoVPN

2024-06-11 07:24 - 2024-03-16 13:14 - 000000000 ____D C:\Users\DELL\AppData\Local\Roblox

2024-06-10 19:38 - 2023-05-18 13:12 - 000000000 ____D C:\Extra

2024-06-10 15:42 - 2024-03-24 10:43 - 000000000 ____D C:\Users\DELL\AppData\Roaming\turbowarp-desktop

2024-06-10 09:14 - 2022-05-07 12:24 - 000000000 ___HD C:\Windows\ELAMBKUP

2024-06-10 09:14 - 2022-05-07 12:17 - 000032768 _____ C:\Windows\system32\config\ELAM

2024-06-10 07:23 - 2022-05-07 12:24 - 000000000 __RHD C:\Users\Public\Libraries

2024-06-09 17:26 - 2022-05-07 12:24 - 000000000 ____D C:\Windows\AppReadiness

2024-06-09 14:30 - 2024-02-24 08:27 - 000000000 ____D C:\Users\DELL\AppData\Local\Packages

2024-06-09 14:30 - 2023-05-18 12:57 - 000000000 ____D C:\ProgramData\Packages

2024-06-09 14:30 - 2022-05-07 12:24 - 000000000 ___HD C:\Program Files\WindowsApps

2024-06-09 14:23 - 2024-02-24 16:02 - 000000000 ____D C:\Users\DELL\AppData\Roaming\Opera Software

2024-06-09 14:21 - 2022-05-07 12:24 - 000000000 ___HD C:\Windows\system32\GroupPolicy

2024-06-09 09:54 - 2024-03-10 15:06 - 000000000 ____D C:\Users\DELL\AppData\Local\custom-cursor

2024-06-08 14:35 - 2023-05-18 12:55 - 000002448 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk

2024-06-07 22:18 - 2024-02-24 08:27 - 000000000 ____D C:\Users\DELL\AppData\Roaming\Microsoft\PowerPoint

2024-06-06 11:01 - 2023-05-20 11:24 - 000002269 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cốc Cốc.lnk

2024-06-06 11:01 - 2023-05-20 11:24 - 000002228 _____ C:\Users\Public\Desktop\Cốc Cốc.lnk

2024-06-05 07:45 - 2023-05-18 12:54 - 000000000 ____D C:\Windows\system32\Drivers\wd

2024-06-05 07:44 - 2024-02-24 15:39 - 000002253 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2024-06-03 21:05 - 2023-05-20 11:18 - 000000000 ____D C:\Program Files (x86)\Microsoft Office

2024-05-30 19:58 - 2022-05-07 12:20 - 000520192 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll

2024-05-30 19:58 - 2022-05-07 12:20 - 000400896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll

2024-05-30 19:58 - 2022-05-07 12:20 - 000228352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dplayx.dll

2024-05-30 19:58 - 2022-05-07 12:20 - 000090112 _____ (Microsoft Corporation) C:\Windows\system32\dpnathlp.dll

2024-05-30 19:58 - 2022-05-07 12:20 - 000063488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnathlp.dll

2024-05-30 19:58 - 2022-05-07 12:20 - 000049152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpwsockx.dll

2024-05-30 19:58 - 2022-05-07 12:20 - 000049152 _____ (Microsoft Corporation) C:\Windows\system32\dpnsvr.exe

2024-05-30 19:58 - 2022-05-07 12:20 - 000032768 _____ (Microsoft Corporation) C:\Windows\system32\dpnlobby.dll

2024-05-30 19:58 - 2022-05-07 12:20 - 000032768 _____ (Microsoft Corporation) C:\Windows\system32\dpnhupnp.dll

2024-05-30 19:58 - 2022-05-07 12:20 - 000032768 _____ (Microsoft Corporation) C:\Windows\system32\dpnhpast.dll

2024-05-30 19:58 - 2022-05-07 12:20 - 000032768 _____ (Microsoft Corporation) C:\Windows\system32\dpnaddr.dll

2024-05-30 19:58 - 2022-05-07 12:20 - 000027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpmodemx.dll

2024-05-30 19:58 - 2022-05-07 12:20 - 000023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnsvr.exe

2024-05-30 19:58 - 2022-05-07 12:20 - 000023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dplaysvr.exe

2024-05-30 19:58 - 2022-05-07 12:20 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnhupnp.dll

2024-05-30 19:58 - 2022-05-07 12:20 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnhpast.dll

2024-05-30 19:58 - 2022-05-07 12:20 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnlobby.dll

2024-05-30 19:58 - 2022-05-07 12:20 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnaddr.dll

2024-05-30 19:58 - 2022-05-07 12:17 - 000000000 ____D C:\Windows\CbsTemp

2024-05-29 14:43 - 2024-02-24 19:19 - 000000000 ____D C:\Users\DELL\Documents\Zalo Received Files

2024-05-25 12:49 - 2024-02-24 08:27 - 000000000 ____D C:\Users\DELL\AppData\Roaming\Microsoft\Word

2024-05-20 21:14 - 2024-02-24 15:38 - 000000000 ____D C:\Program Files (x86)\Google

2024-05-16 17:35 - 2022-05-07 12:24 - 000000000 ____D C:\ProgramData\USOPrivate

2024-05-16 17:19 - 2023-05-18 12:54 - 000566784 _____ C:\Windows\system32\FNTCACHE.DAT

2024-05-16 17:18 - 2024-02-24 16:14 - 000000000 ____D C:\Windows\system32\Microsoft-Edge-WebView

2024-05-16 17:18 - 2023-05-14 10:29 - 000000000 __SHD C:\Windows\BitLockerDiscoveryVolumeContents

2024-05-16 17:18 - 2023-05-14 10:29 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection

2024-05-16 17:18 - 2022-05-07 12:24 - 000000000 ___SD C:\Windows\SysWOW64\F12

2024-05-16 17:18 - 2022-05-07 12:24 - 000000000 ___SD C:\Windows\SysWOW64\DiagSvcs

2024-05-16 17:18 - 2022-05-07 12:24 - 000000000 ___SD C:\Windows\system32\UNP

2024-05-16 17:18 - 2022-05-07 12:24 - 000000000 ___SD C:\Windows\system32\F12

2024-05-16 17:18 - 2022-05-07 12:24 - 000000000 ___SD C:\Windows\system32\DiagSvcs

2024-05-16 17:18 - 2022-05-07 12:24 - 000000000 ___RD C:\Windows\PrintDialog

2024-05-16 17:18 - 2022-05-07 12:24 - 000000000 ___RD C:\Windows\ImmersiveControlPanel

2024-05-16 17:18 - 2022-05-07 12:24 - 000000000 ____D C:\Windows\UUS

2024-05-16 17:18 - 2022-05-07 12:24 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata

2024-05-16 17:18 - 2022-05-07 12:24 - 000000000 ____D C:\Windows\SysWOW64\PerceptionSimulation

2024-05-16 17:18 - 2022-05-07 12:24 - 000000000 ____D C:\Windows\SysWOW64\Dism

2024-05-16 17:18 - 2022-05-07 12:24 - 000000000 ____D C:\Windows\SystemResources

2024-05-16 17:18 - 2022-05-07 12:24 - 000000000 ____D C:\Windows\SystemApps

2024-05-16 17:18 - 2022-05-07 12:24 - 000000000 ____D C:\Windows\system32\WinMetadata

2024-05-16 17:18 - 2022-05-07 12:24 - 000000000 ____D C:\Windows\system32\WinBioPlugIns

2024-05-16 17:18 - 2022-05-07 12:24 - 000000000 ____D C:\Windows\system32\SystemResetPlatform

2024-05-16 17:18 - 2022-05-07 12:24 - 000000000 ____D C:\Windows\system32\ShellExperiences

2024-05-16 17:18 - 2022-05-07 12:24 - 000000000 ____D C:\Windows\system32\Sgrm

2024-05-16 17:18 - 2022-05-07 12:24 - 000000000 ____D C:\Windows\system32\PerceptionSimulation

2024-05-16 17:18 - 2022-05-07 12:24 - 000000000 ____D C:\Windows\system32\oobe

2024-05-16 17:18 - 2022-05-07 12:24 - 000000000 ____D C:\Windows\system32\migwiz

2024-05-16 17:18 - 2022-05-07 12:24 - 000000000 ____D C:\Windows\system32\HealthAttestationClient

2024-05-16 17:18 - 2022-05-07 12:24 - 000000000 ____D C:\Windows\system32\Dism

2024-05-16 17:18 - 2022-05-07 12:24 - 000000000 ____D C:\Windows\system32\appraiser

2024-05-16 17:18 - 2022-05-07 12:24 - 000000000 ____D C:\Windows\ShellExperiences

2024-05-16 17:18 - 2022-05-07 12:24 - 000000000 ____D C:\Windows\ShellComponents

2024-05-16 17:18 - 2022-05-07 12:24 - 000000000 ____D C:\Windows\PolicyDefinitions

2024-05-16 17:18 - 2022-05-07 12:24 - 000000000 ____D C:\Windows\BrowserCore

2024-05-16 17:18 - 2022-05-07 12:24 - 000000000 ____D C:\Windows\bcastdvr

2024-05-16 17:18 - 2022-05-07 12:17 - 000000000 ____D C:\Windows\servicing

2024-05-16 16:28 - 2024-03-03 12:49 - 000000000 ____D C:\Users\DELL\AppData\Local\GeometryDash

2024-05-16 09:48 - 2024-02-24 15:55 - 000000000 ____D C:\Windows\system32\MRT

2024-05-16 09:38 - 2023-05-18 12:59 - 003214336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll

2024-05-16 09:36 - 2024-02-24 15:59 - 000000000 ____H C:\$WINRE_BACKUP_PARTITION.MARKER

==================== Files in the root of some directories ========

2024-02-24 16:58 - 2024-02-24 16:58 - 000000025 _____ () C:\Users\DELL\AppData\Roaming\zmeta.json

2024-02-24 16:59 - 2024-06-14 07:12 - 000000066 _____ () C:\Users\DELL\AppData\Roaming\z_u.txt

==================== FLock ==============================

2024-06-14 07:12 C:\Windows\UV_LastPW.ini

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================


Evon Executor malware + findit-pro redirect + Discord, Facebook and X hack - Virus, Trojan, Spyware, and Malware Removal Help (2024)

References

Top Articles
Latest Posts
Article information

Author: Jamar Nader

Last Updated:

Views: 5899

Rating: 4.4 / 5 (55 voted)

Reviews: 94% of readers found this page helpful

Author information

Name: Jamar Nader

Birthday: 1995-02-28

Address: Apt. 536 6162 Reichel Greens, Port Zackaryside, CT 22682-9804

Phone: +9958384818317

Job: IT Representative

Hobby: Scrapbooking, Hiking, Hunting, Kite flying, Blacksmithing, Video gaming, Foraging

Introduction: My name is Jamar Nader, I am a fine, shiny, colorful, bright, nice, perfect, curious person who loves writing and wants to share my knowledge and understanding with you.